Sign-up

ID

VAR-201803-1367


CVE

CVE-2018-0141


TITLE

Cisco Prime Collaboration Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-002591

DESCRIPTION

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. Vendors have confirmed this vulnerability Bug ID CSCvc82982 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 2.07

sources: NVD: CVE-2018-0141 // JVNDB: JVNDB-2018-002591 // BID: 103329 // VULHUB: VHN-118343 // VULMON: CVE-2018-0141

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 2.7

vendor:ciscomodel:prime collaboration assurancescope:eqversion:11.6

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion:11.6

Trust: 1.6

sources: BID: 103329 // JVNDB: JVNDB-2018-002591 // CNNVD: CNNVD-201803-263 // NVD: CVE-2018-0141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0141
value: HIGH

Trust: 1.0

NVD: CVE-2018-0141
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-263
value: HIGH

Trust: 0.6

VULHUB: VHN-118343
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0141
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0141
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118343
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0141
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118343 // VULMON: CVE-2018-0141 // JVNDB: JVNDB-2018-002591 // CNNVD: CNNVD-201803-263 // NVD: CVE-2018-0141

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-118343 // JVNDB: JVNDB-2018-002591 // NVD: CVE-2018-0141

THREAT TYPE

local

Trust: 0.9

sources: BID: 103329 // CNNVD: CNNVD-201803-263

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-263

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002591

PATCH
title:cisco-sa-20180307-cpcpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78996
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2018/03/08/cisco_security_patches/
Trust: 0.2
title:Cisco: Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180307-cpcp
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0141 // 
            
            
            
            JVNDB: JVNDB-2018-002591 // 
            
            
            
            CNNVD: CNNVD-201803-263

EXTERNAL IDS
db:NVDid:CVE-2018-0141
Trust: 2.9
db:BIDid:103329
Trust: 2.1
db:SECTRACKid:1040462
Trust: 1.8
db:JVNDBid:JVNDB-2018-002591
Trust: 0.8
db:CNNVDid:CNNVD-201803-263
Trust: 0.6
db:VULHUBid:VHN-118343
Trust: 0.1
db:VULMONid:CVE-2018-0141
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118343 // 
            
            
            
            VULMON: CVE-2018-0141 // 
            
            
            
            BID: 103329 // 
            
            
            
            JVNDB: JVNDB-2018-002591 // 
            
            
            
            CNNVD: CNNVD-201803-263 // 
            
            
            
            NVD: CVE-2018-0141

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-cpcp
Trust: 2.2
url:http://www.securityfocus.com/bid/103329
Trust: 1.9
url:http://www.securitytracker.com/id/1040462
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0141
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0141
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118343 // 
            
            
            
            VULMON: CVE-2018-0141 // 
            
            
            
            BID: 103329 // 
            
            
            
            JVNDB: JVNDB-2018-002591 // 
            
            
            
            CNNVD: CNNVD-201803-263 // 
            
            
            
            NVD: CVE-2018-0141

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 103329

SOURCES
db:VULHUBid:VHN-118343
db:VULMONid:CVE-2018-0141
db:BIDid:103329
db:JVNDBid:JVNDB-2018-002591
db:CNNVDid:CNNVD-201803-263
db:NVDid:CVE-2018-0141

LAST UPDATE DATE
2024-11-23T23:08:46.133000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118343date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0141date:2019-10-09T00:00:00
db:BIDid:103329date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002591date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-263date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0141date:2024-11-21T03:37:36.077

SOURCES RELEASE DATE
db:VULHUBid:VHN-118343date:2018-03-08T00:00:00
db:VULMONid:CVE-2018-0141date:2018-03-08T00:00:00
db:BIDid:103329date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002591date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-263date:2018-03-09T00:00:00
db:NVDid:CVE-2018-0141date:2018-03-08T07:29:00.283