ID

VAR-201806-1005


CVE

CVE-2018-0320


TITLE

SQL Injection Vulnerability in Cisco Prime Collaboration Provisioning

Trust: 0.8

sources: JVNDB: JVNDB-2018-006115

DESCRIPTION

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754. The vendor has published this vulnerability as Bug ID CSCvd61754. Information may be obtained or altered, and service operation may be disrupted (DoS). Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.

Trust: 1.98

sources: NVD: CVE-2018-0320 // JVNDB: JVNDB-2018-006115 // BID: 104416 // VULHUB: VHN-118522

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration provisioning, scope: lte, version: 12.1

Trust: 1.8

vendor: cisco, model: prime collaboration, scope: lte, version: 12.1

Trust: 1.0

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 12.1

Trust: 0.9

vendor: cisco, model: prime collaboration, scope: -, version: -

Trust: 0.8

vendor: cisco, model: prime collaboration, scope: eq, version: 12.1

Trust: 0.6

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.5.1

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 9.5

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 9.0

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 11.6

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 11.5

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 11.2

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 11.1

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 11.0

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.5

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.0

Trust: 0.3

vendor: cisco, model: prime collaboration provisioning, scope: ne, version: 12.2

Trust: 0.3

sources: BID: 104416 // JVNDB: JVNDB-2018-006115 // CNNVD: CNNVD-201806-395 // NVD: CVE-2018-0320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0320
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0320
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201806-395
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118522
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0320
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118522
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0320
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118522 // JVNDB: JVNDB-2018-006115 // CNNVD: CNNVD-201806-395 // NVD: CVE-2018-0320

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-118522 // JVNDB: JVNDB-2018-006115 // NVD: CVE-2018-0320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-395

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-395

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006115

PATCH

title: cisco-sa-20180606-prime-sql, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql

Trust: 0.8

title: Repair measures for the Cisco Prime Collaboration Provisioning SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80742

Trust: 0.6

sources: JVNDB: JVNDB-2018-006115 // CNNVD: CNNVD-201806-395

EXTERNAL IDS

db: NVD, id: CVE-2018-0320

Trust: 2.8

db: BID, id: 104416

Trust: 2.0

db: SECTRACK, id: 1041084

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006115

Trust: 0.8

db: CNNVD, id: CNNVD-201806-395

Trust: 0.7

db: VULHUB, id: VHN-118522

Trust: 0.1

sources: VULHUB: VHN-118522 // BID: 104416 // JVNDB: JVNDB-2018-006115 // CNNVD: CNNVD-201806-395 // NVD: CVE-2018-0320

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-sql

Trust: 2.0

url: http://www.securityfocus.com/bid/104416

Trust: 1.7

url: http://www.securitytracker.com/id/1041084

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0320

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0320

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118522 // BID: 104416 // JVNDB: JVNDB-2018-006115 // CNNVD: CNNVD-201806-395 // NVD: CVE-2018-0320

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104416

SOURCES

db: VULHUB, id: VHN-118522
db: BID, id: 104416
db: JVNDB, id: JVNDB-2018-006115
db: CNNVD, id: CNNVD-201806-395
db: NVD, id: CVE-2018-0320

LAST UPDATE DATE

2024-11-23T22:48:41.958000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118522, date: 2019-10-09T00:00:00
db: BID, id: 104416, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006115, date: 2018-08-07T00:00:00
db: CNNVD, id: CNNVD-201806-395, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0320, date: 2024-11-21T03:37:58.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118522, date: 2018-06-07T00:00:00
db: BID, id: 104416, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006115, date: 2018-08-07T00:00:00
db: CNNVD, id: CNNVD-201806-395, date: 2018-06-08T00:00:00
db: NVD, id: CVE-2018-0320, date: 2018-06-07T12:29:00.653