Vulnerability Description
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | 11.6 |
| Cisco | Prime Collaboration Assurance | 11.6 |
| Cisco | Prime Collaboration Provisioning | 11.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103329Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040462Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103329Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040462Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0141?
CVE-2018-0141 is a vulnerability with a CVSS score of 8.4 (HIGH). A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is du...
How severe is CVE-2018-0141?
CVE-2018-0141 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0141?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration, Cisco Prime Collaboration Assurance, Cisco Prime Collaboration Provisioning.