Lucene search

CiscoCVE-2018-0141

HistoryMar 08, 2018 - 7:29 a.m.

CVE-2018-0141

2018-03-0807:29:00

CWE-798

cisco

web.nvd.nist.gov

cisco

prime

collaboration

provisioning

pcp

software

vulnerability

linux

ssh

security

exploit

cisco bug id

cscvc82982

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982.

Affected configurations

Nvd

Node

ciscoprime_collaborationMatch11.6

ciscoprime_collaboration_assuranceMatch11.6

ciscoprime_collaboration_provisioningMatch11.6

VendorProductVersionCPE
ciscoprime_collaboration11.6cpe:2.3:a:cisco:prime_collaboration:11.6:*:*:*:*:*:*:*
ciscoprime_collaboration_assurance11.6cpe:2.3:a:cisco:prime_collaboration_assurance:11.6:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning11.6cpe:2.3:a:cisco:prime_collaboration_provisioning:11.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration	11.6	cpe:2.3:a:cisco:prime_collaboration:11.6:::::::*
cisco	prime_collaboration_assurance	11.6	cpe:2.3:a:cisco:prime_collaboration_assurance:11.6:::::::*
cisco	prime_collaboration_provisioning	11.6	cpe:2.3:a:cisco:prime_collaboration_provisioning:11.6:::::::*

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration Provisioning"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103329

www.securitytracker.com/id/1040462

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2018-0141