Vulnerability Description
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | 12.1 |
| Cisco | Prime Collaboration Provisioning | <= 12.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104942Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041409Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/104942Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041409Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0391?
CVE-2018-0391 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is d...
How severe is CVE-2018-0391?
CVE-2018-0391 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0391?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration, Cisco Prime Collaboration Provisioning.