Executive Summary

Summary
TitleCisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
Informations
Namecisco-sa-20181003-cpcp-passwordFirst vendor Publication2018-10-03
VendorCiscoLast vendor Modification2018-10-03
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.

The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbtOquXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz+8EP/RtzvpbJDAElXzDU02uWytMoM8Gj mug8wW+3l9ZBbB9LkKVs//bxzHMuKPykzpIO2N5CRgHxiK5HfWlZQoxJJH4Fswcg 8MsYZEjCPz+h6vSL3e2LikilQ3BF9pcLIJXwOR1uOPTQ2O5SszXBRGw+x0sXWa4J jPec3ClFG9vmgWf7CFV9dqzLnoOpTynFGruwgQdf69Wf8zinghZJeMFnGGuJuFIP rCRM2Pxee2qQEawe+FxfG8FqvZYdGMWlcUxM/7vf8+Gw89FZnxZhMqefOf7St9lT 4vzKC4ZfwifTNUILYHbaq/CjVqEpV/6khLLhpEvDIW+o++/ud4b7i9WCVVaoi/Ve ZJoVB6mE/pmmvaA16T+1/Sm4hLRmZXDsv4sc2I45ryc4taKYQ8DjPT6Wllug5c54 NkPw+1rBXqpYeOUpJM398EMBd9ukzFD+LXoYiFITtsc4AX/OXPEEQqs1n8+kQ9zj t606zYOkG4Y4bQa308HdCByliLpmAfScEdvbYMWvBwmCstea588NfU4Qk7rzZs5C 1IsSz8VvRlOId8nsOn383394EyI1+DUUr6odzhQuqigKQTNh+xYsVEh9pMNN+lGH RoGX/aahrX7Vs65ojk+bEQ9VOkPV+THkoGybrFtg0zAkUIK9Tj0tGQJjSn99cU9d bskRXKps05/CmUbC =gEqa END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2018-10-05 21:21:50
  • Multiple Updates
2018-10-03 21:19:37
  • First insertion