Sign-up

ID

VAR-201806-1003


CVE

CVE-2018-0318


TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-006113

DESCRIPTION

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245. Vendors have confirmed this vulnerability Bug ID CSCvd07245 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0318 // JVNDB: JVNDB-2018-006113 // BID: 104434 // VULHUB: VHN-118520

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:lteversion:11.6

Trust: 1.8

vendor:ciscomodel:prime collaborationscope:lteversion:12.1

Trust: 1.0

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 0.9

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 0.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.2

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

sources: BID: 104434 // JVNDB: JVNDB-2018-006113 // CNNVD: CNNVD-201806-397 // NVD: CVE-2018-0318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0318
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0318
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201806-397
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118520
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0318
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118520
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0318
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118520 // JVNDB: JVNDB-2018-006113 // CNNVD: CNNVD-201806-397 // NVD: CVE-2018-0318

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-118520 // JVNDB: JVNDB-2018-006113 // NVD: CVE-2018-0318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-397

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006113

PATCH
title:cisco-sa-20180606-prime-password-reseturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Repair measures for trust management vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80744
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006113 // 
            
            
            
            CNNVD: CNNVD-201806-397

EXTERNAL IDS
db:NVDid:CVE-2018-0318
Trust: 2.8
db:BIDid:104434
Trust: 2.0
db:SECTRACKid:1041082
Trust: 1.7
db:JVNDBid:JVNDB-2018-006113
Trust: 0.8
db:CNNVDid:CNNVD-201806-397
Trust: 0.7
db:VULHUBid:VHN-118520
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118520 // 
            
            
            
            BID: 104434 // 
            
            
            
            JVNDB: JVNDB-2018-006113 // 
            
            
            
            CNNVD: CNNVD-201806-397 // 
            
            
            
            NVD: CVE-2018-0318

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-password-reset
Trust: 2.0
url:http://www.securityfocus.com/bid/104434
Trust: 1.7
url:http://www.securitytracker.com/id/1041082
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0318
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0318
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118520 // 
            
            
            
            BID: 104434 // 
            
            
            
            JVNDB: JVNDB-2018-006113 // 
            
            
            
            CNNVD: CNNVD-201806-397 // 
            
            
            
            NVD: CVE-2018-0318

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 104434

SOURCES
db:VULHUBid:VHN-118520
db:BIDid:104434
db:JVNDBid:JVNDB-2018-006113
db:CNNVDid:CNNVD-201806-397
db:NVDid:CVE-2018-0318

LAST UPDATE DATE
2024-11-23T22:30:21.566000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118520date:2019-10-09T00:00:00
db:BIDid:104434date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006113date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-397date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0318date:2024-11-21T03:37:58.107

SOURCES RELEASE DATE
db:VULHUBid:VHN-118520date:2018-06-07T00:00:00
db:BIDid:104434date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006113date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-397date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0318date:2018-06-07T12:29:00.573