Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Cisco Prime Collaboration Vendors:   Cisco
Cisco Prime Collaboration Provisioning Hard-Coded Account Password Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1040462
SecurityTracker URL:
CVE Reference:   CVE-2018-0141   (Links to External Site)
Date:  Mar 7 2018
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): PCP 11.6 only
Description:   A vulnerability was reported in Cisco Prime Collaboration Provisioning (PCP). A remote user can gain access to the target system.

The system uses a hard-coded account password. A remote user can use these credentials to login via ssh and gain access to the underlying operating system on the target system.

Due to "extenuating circumstances", the remote user can then gain root privileges on the target system.

The vendor has assigned bug ID CSCvc82982 to this vulnerability.

[Editor's note: The vendor describes the vulnerability attack vector as 'Local' but indicates that the vulnerability can be exploited via ssh.]

Impact:   A remote user can gain access to the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC