Executive Summary
Summary | |
---|---|
Title | Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20181003-cpcp-password | First vendor Publication | 2018-10-03 |
Vendor | Cisco | Last vendor Modification | 2018-10-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbtOquXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz+8EP/RtzvpbJDAElXzDU02uWytMoM8Gj mug8wW+3l9ZBbB9LkKVs//bxzHMuKPykzpIO2N5CRgHxiK5HfWlZQoxJJH4Fswcg 8MsYZEjCPz+h6vSL3e2LikilQ3BF9pcLIJXwOR1uOPTQ2O5SszXBRGw+x0sXWa4J jPec3ClFG9vmgWf7CFV9dqzLnoOpTynFGruwgQdf69Wf8zinghZJeMFnGGuJuFIP rCRM2Pxee2qQEawe+FxfG8FqvZYdGMWlcUxM/7vf8+Gw89FZnxZhMqefOf7St9lT 4vzKC4ZfwifTNUILYHbaq/CjVqEpV/6khLLhpEvDIW+o++/ud4b7i9WCVVaoi/Ve ZJoVB6mE/pmmvaA16T+1/Sm4hLRmZXDsv4sc2I45ryc4taKYQ8DjPT6Wllug5c54 NkPw+1rBXqpYeOUpJM398EMBd9ukzFD+LXoYiFITtsc4AX/OXPEEQqs1n8+kQ9zj t606zYOkG4Y4bQa308HdCByliLpmAfScEdvbYMWvBwmCstea588NfU4Qk7rzZs5C 1IsSz8VvRlOId8nsOn383394EyI1+DUUr6odzhQuqigKQTNh+xYsVEh9pMNN+lGH RoGX/aahrX7Vs65ojk+bEQ9VOkPV+THkoGybrFtg0zAkUIK9Tj0tGQJjSn99cU9d bskRXKps05/CmUbC =gEqa END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-798 | Use of Hard-coded Credentials (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication... RuleID : 48037 - Revision : 1 - Type : SERVER-OTHER |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2019-01-05 00:22:06 |
|
2018-10-05 21:21:50 |
|
2018-10-03 21:19:37 |
|