Vulnerability Description
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | 12.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104473Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041069Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/104473Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041069Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0335?
CVE-2018-0335 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to im...
How severe is CVE-2018-0335?
CVE-2018-0335 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0335?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration.