Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability
Informations
Name cisco-sa-20180307-cpcp First vendor Publication 2018-03-07
Vendor Cisco Last vendor Modification 2018-03-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software could allow an unauthenticated, local attacker to log in to the underlying Linux operating system.

The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.

Note: Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJaoA/nXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcziWsQALgMDaBc/JUQl/4Ny3rudoGw7YKQ I40vE4rmhyf4228ZE8E8t6S+nmCHfxSE6MjaSASQo/aA6aueJydypz3kX2nMT+Jg mdTEd5msBZ0YTvsbcKeiDGPRTrgU7DRuit44HHLrMSPF/+GTwGHGay36S2mETaaN Pb2ktI6fqTq6nL9uiYqGzCdy4oLAhVA+m+MGoZWFQGwiNylSY8wbEu6Ji35Xe1nV t3rpt012mB+UVmpaeDqqfN8to28tFQFnkHuEjl1PrbN9zazyhixFHzbUIhxMfrCf 6cyol/WcF3wqf9aLpgOreByMxKhRRc8RH0JAcNYi9mZA/JJxo9YVXjGGSeoCoNGQ Zxh3N/zFd7JpYw1Do+YIXxK/aN6XUG9szXgqbrzEOQI622Ex7vpda3j5fMkjowWo yIfp9jRINNlWQ7frDSvkcNsbtkF4h6IwdOc4oVrgLK/ixdg1c3ierzoacVSsSfgP rFJk1xZ0uOGuoIpxUZejC/R07dihn149nTGhAZvsPrr/z9i7w87OsT3S+4GUStES UVppatNbLv/W/oClxLM+gjpBjqYroWUQV5UK1HTZpvFognUA9WudgxzxoSaeSsf7 MuaEJ1bDIBoI8g7JhjI5p8FhwUdZN9OdJzx6iCQip+OqvzWDBVP2M3RUJg7ob5JB YFxVRx1cpqnp2+DS =AqzZ END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-798 Use of Hard-coded Credentials (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1

Nessus® Vulnerability Scanner

Date Description
2018-03-09 Name : The remote network management server is affected by a hard-coded password vul...
File : cisco_prime_cp_sa-20180307-cpcp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-03-27 21:21:50
  • Multiple Updates
2018-03-08 12:07:06
  • Multiple Updates
2018-03-07 21:19:51
  • First insertion