Executive Summary
| Summary | |
|---|---|
| Title | Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20180606-prime-bypass | First vendor Publication | 2018-06-06 |
| Vendor | Cisco | Last vendor Modification | 2018-06-06 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbGAZNXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczYD0P/iWNO3CrVEExDo1CjuB/aV9fryai /ZGBLYEXyIM4Iz5UuMdBg0jENZwOLuMuoOPSfyr6npTLsHxqTUBauMbyWXasaI2s ZtqSRznNcRK7ySOsVbpOsmAnsQ6AYfo6FETOophq4x8ebt5Df5vbnZN/CP/uieVP grfaXRqVzKgSTmqHF7XBhLhQh2cRmA76EzAi4GGHZcegKSPMRRuZjVyklFlqX/M0 ll2osca2jj0BtcRYMTkTd59L8RoEk3M5HnfoM7JSjES3T97/m7aPLquwxFdZaGhB Y/vvBriHt+fgPXt+tQ1M2lCu3gu5gr2m4om77JOh6METQQbWAuCw4yjbuS175gzs MDjeoAfH5RkmpCDuhgfJsPhVTy9r5Dzrdbi5XYhCymIoAF5Dw9nfo6T1+iqgY5DK QBcBrsSPQiUelivh/M6rkpTgfIT6qA6OaSLmj7Qeo+jasZrjutZSvBIjOenVKVh +dfj9T7+XZ8anPmY9b80hE/xegZcErCelLdU/ee+OCPd5P+lvOtsJDfO3DOytXk/f R9jq8isnQJR8//DykkVRtzKDaKdGtV6y5plwweVSzLItTD1WO89l2nj2zUQGgYZN TDp0heKtU8RoyjMrxgDiQv/+W2rTgoLXLhvtXtiyvrsJaiLrJ6hZJ0sLVZyQqCnn /c8Qu5tOzOXBC3qQ =ZxO/ END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco Prime Collaboration Provisioning access control group modification requ... RuleID : 46899 - Revision : 1 - Type : POLICY-OTHER |
Alert History
| Date | Informations |
|---|---|
| 2020-12-05 21:23:46 |
|
| 2018-07-20 17:21:13 |
|
| 2018-06-07 17:21:02 |
|
| 2018-06-06 21:19:08 |
|
