Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

Information
Name: cisco-sa-20181003-cpcp-password
Vendor: Cisco
First vendor publication: 2018-10-03
Last vendor modification: 2018-10-03
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None Required

Detail

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.

The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-798 Use of Hard-coded Credentials (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 1

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication...
RuleID : 48037 - Revision : 1 - Type : SERVER-OTHER

Alert History

Date Information
2020-12-05 21:23:46
  • Multiple Updates
2019-01-05 00:22:06
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-10-03 21:19:37
  • First insertion