Vulnerability Description
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | <= 12.1 |
| Cisco | Prime Collaboration Provisioning | <= 12.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104432Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041080Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/104432Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041080Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0317?
CVE-2018-0317 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficien...
How severe is CVE-2018-0317?
CVE-2018-0317 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0317?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration, Cisco Prime Collaboration Provisioning.