Details of VAR-201806-1004

ID

VAR-201806-1004

CVE

CVE-2018-0319

TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-006114

DESCRIPTION

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253. Vendors have confirmed this vulnerability Bug ID CSCvd07253 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0319 // JVNDB: JVNDB-2018-006114 // BID: 104431 // VULHUB: VHN-118521

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration provisioning	scope:	lte	version:	11.6	Trust: 1.8
vendor:	cisco	model:	prime collaboration	scope:	lte	version:	12.1	Trust: 1.0
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.6	Trust: 0.9
vendor:	cisco	model:	prime collaboration	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime collaboration	scope:	eq	version:	12.1	Trust: 0.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.2	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.1	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.6	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 104431 // JVNDB: JVNDB-2018-006114 // CNNVD: CNNVD-201806-396 // NVD: CVE-2018-0319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0319
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0319
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201806-396
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118521
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0319
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118521
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0319
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118521 // JVNDB: JVNDB-2018-006114 // CNNVD: CNNVD-201806-396 // NVD: CVE-2018-0319

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-287	Trust: 1.1

sources: VULHUB: VHN-118521 // JVNDB: JVNDB-2018-006114 // NVD: CVE-2018-0319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-396

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-396

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006114

PATCH

title:	cisco-sa-20180606-prime-password-recovery	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery	Trust: 0.8
title:	Cisco Prime Collaboration Provisioning Repair measures for trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80743	Trust: 0.6

sources: JVNDB: JVNDB-2018-006114 // CNNVD: CNNVD-201806-396

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0319	Trust: 2.8
db:	BID	id:	104431	Trust: 2.0
db:	SECTRACK	id:	1041079	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006114	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-396	Trust: 0.7
db:	VULHUB	id:	VHN-118521	Trust: 0.1

sources: VULHUB: VHN-118521 // BID: 104431 // JVNDB: JVNDB-2018-006114 // CNNVD: CNNVD-201806-396 // NVD: CVE-2018-0319

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-password-recovery	Trust: 2.0
url:	http://www.securityfocus.com/bid/104431	Trust: 1.7
url:	http://www.securitytracker.com/id/1041079	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0319	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0319	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118521 // BID: 104431 // JVNDB: JVNDB-2018-006114 // CNNVD: CNNVD-201806-396 // NVD: CVE-2018-0319

CREDITS

Cisco.

Trust: 0.3

sources: BID: 104431

SOURCES

db:	VULHUB	id:	VHN-118521
db:	BID	id:	104431
db:	JVNDB	id:	JVNDB-2018-006114
db:	CNNVD	id:	CNNVD-201806-396
db:	NVD	id:	CVE-2018-0319

LAST UPDATE DATE

2024-11-23T22:38:07.854000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118521	date:	2019-10-09T00:00:00
db:	BID	id:	104431	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006114	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-396	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0319	date:	2024-11-21T03:37:58.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118521	date:	2018-06-07T00:00:00
db:	BID	id:	104431	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006114	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-396	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0319	date:	2018-06-07T12:29:00.607