Sign-up

ID

VAR-201806-1002


CVE

CVE-2018-0317


TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-006112

DESCRIPTION

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvc90286. Vendors have confirmed this vulnerability Bug ID CSCvc90286 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0317 // JVNDB: JVNDB-2018-006112 // BID: 104432 // VULHUB: VHN-118519

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:lteversion:12.2

Trust: 1.8

vendor:ciscomodel:prime collaborationscope:lteversion:12.1

Trust: 1.0

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.2

Trust: 0.9

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 0.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.2

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

sources: BID: 104432 // JVNDB: JVNDB-2018-006112 // CNNVD: CNNVD-201806-398 // NVD: CVE-2018-0317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0317
value: HIGH

Trust: 1.0

NVD: CVE-2018-0317
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-398
value: HIGH

Trust: 0.6

VULHUB: VHN-118519
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0317
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118519
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0317
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118519 // JVNDB: JVNDB-2018-006112 // CNNVD: CNNVD-201806-398 // NVD: CVE-2018-0317

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-862

Trust: 1.1

sources: VULHUB: VHN-118519 // JVNDB: JVNDB-2018-006112 // NVD: CVE-2018-0317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-398

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-398

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006112

PATCH
title:cisco-sa-20180606-prime-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80745
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006112 // 
            
            
            
            CNNVD: CNNVD-201806-398

EXTERNAL IDS
db:NVDid:CVE-2018-0317
Trust: 2.8
db:BIDid:104432
Trust: 2.0
db:SECTRACKid:1041080
Trust: 1.7
db:JVNDBid:JVNDB-2018-006112
Trust: 0.8
db:CNNVDid:CNNVD-201806-398
Trust: 0.7
db:VULHUBid:VHN-118519
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118519 // 
            
            
            
            BID: 104432 // 
            
            
            
            JVNDB: JVNDB-2018-006112 // 
            
            
            
            CNNVD: CNNVD-201806-398 // 
            
            
            
            NVD: CVE-2018-0317

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-bypass
Trust: 2.0
url:http://www.securityfocus.com/bid/104432
Trust: 1.7
url:http://www.securitytracker.com/id/1041080
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0317
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0317
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118519 // 
            
            
            
            BID: 104432 // 
            
            
            
            JVNDB: JVNDB-2018-006112 // 
            
            
            
            CNNVD: CNNVD-201806-398 // 
            
            
            
            NVD: CVE-2018-0317

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 104432

SOURCES
db:VULHUBid:VHN-118519
db:BIDid:104432
db:JVNDBid:JVNDB-2018-006112
db:CNNVDid:CNNVD-201806-398
db:NVDid:CVE-2018-0317

LAST UPDATE DATE
2024-11-23T22:26:18.576000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118519date:2019-10-09T00:00:00
db:BIDid:104432date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006112date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-398date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0317date:2024-11-21T03:37:57.983

SOURCES RELEASE DATE
db:VULHUBid:VHN-118519date:2018-06-07T00:00:00
db:BIDid:104432date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006112date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-398date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0317date:2018-06-07T12:29:00.527