SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   Cisco Prime Collaboration Vendors:   Cisco
Cisco Prime Collaboration Provisioning Hard-Coded Account Password Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1040462
SecurityTracker URL:  http://securitytracker.com/id/1040462
CVE Reference:   CVE-2018-0141   (Links to External Site)
Date:  Mar 7 2018
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): PCP 11.6 only
Description:   A vulnerability was reported in Cisco Prime Collaboration Provisioning (PCP). A remote user can gain access to the target system.

The system uses a hard-coded account password. A remote user can use these credentials to login via ssh and gain access to the underlying operating system on the target system.

Due to "extenuating circumstances", the remote user can then gain root privileges on the target system.

The vendor has assigned bug ID CSCvc82982 to this vulnerability.

[Editor's note: The vendor describes the vulnerability attack vector as 'Local' but indicates that the vulnerability can be exploited via ssh.]

Impact:   A remote user can gain access to the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC