Vulnerability Description
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | <= 12.1 |
| Cisco | Prime Collaboration Provisioning | <= 12.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104443Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041064Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/104443Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041064Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0322?
CVE-2018-0322 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary...
How severe is CVE-2018-0322?
CVE-2018-0322 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0322?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration, Cisco Prime Collaboration Provisioning.