Executive Summary
Summary | |
---|---|
Title | Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180606-prime-password-reset | First vendor Publication | 2018-06-06 |
Vendor | Cisco | Last vendor Modification | 2018-06-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbGAZQXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczmAwQAIG9eF+RYsSCqEYEVWToi3S8MxdZ FpkR4w1ZPZyoGAJnhPRrA0LFs8AAXPGULFlwXGpPDFarhxZfU9wIvWGvQ88ok1tc 30YN6Ep4vNUpNRTgeITR2RQznhVSaHGERosQKpQt9csfbuDPljseWJ7KIP2uYtcA OxZU6tgxFApkK9Gs3PehNeAS8u2FH8Zp6bD48mW/dXORPhXV4e+dWNg3T0wdu2gS avRoyJz2ygWff0r1q3avEPoxVvpwreG2UvhGn+jKT6B0ESpTNuYgVPV7hdj8ZLCu rA0pgivYsMSJDtWBQHGJ+jHyiKzX3TZx8+F3A3HwYIY2Mo2wRdRWhBxlbZs6Ph/U CNmU20HDwboA9Whbo1JGEm1trdye9onhWNyJnbzjAuNAZX7hW4MwA7tkj04pW7dR EBpWv4hh0pcK061KW2iiLBxNTUsGabxBap7A+8ZbFrgQ6vr5cGfh1t3DL7hTAgir BZFs/2Of47Lphh3UXyyb113I30HbgnXIKuqXl8zjmS7dnOPz5YMC3Ns37CmlR7pf fRDO6nPBkTaHrwJPzsqvC3/ij7bRdaeujSeqRtFZrLzxxZMoR0EmkqaYL4I9y2fh vc5PZLb6+EoQPg39RNRfgzpHiNI8d0C/1wm3PjYCUiBJMEMIW3QDW0LnelNn5gKk hYrhLu+GSrGpgQsJ =e3EQ END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco Prime Collaboration Provisioning potentially unauthenticated administra... RuleID : 46911 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-07-20 17:21:13 |
|
2018-06-07 17:21:02 |
|
2018-06-06 21:19:09 |
|