A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.
The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | prime_collaboration_provisioning | any | cpe:2.3:a:cisco:prime_collaboration_provisioning:any:*:*:*:*:*:*:* |