Details of VAR-201806-1006

ID

VAR-201806-1006

CVE

CVE-2018-0321

TITLE

Cisco Prime Collaboration Provisioning Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006116

DESCRIPTION

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746. Vendors have confirmed this vulnerability Bug ID CSCvd61746 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 2.07

sources: NVD: CVE-2018-0321 // JVNDB: JVNDB-2018-006116 // BID: 104409 // VULHUB: VHN-118523 // VULMON: CVE-2018-0321

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration provisioning	scope:	lte	version:	11.6	Trust: 1.8
vendor:	cisco	model:	prime collaboration assurance	scope:	lte	version:	11.6	Trust: 1.0
vendor:	cisco	model:	prime collaboration	scope:	lte	version:	11.6	Trust: 1.0
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.6	Trust: 0.9
vendor:	cisco	model:	prime collaboration	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime collaboration assurance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	11.6	Trust: 0.6
vendor:	cisco	model:	prime collaboration	scope:	eq	version:	11.6	Trust: 0.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.2	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.1	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.6	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration	scope:	eq	version:	12.1	Trust: 0.3

sources: BID: 104409 // JVNDB: JVNDB-2018-006116 // CNNVD: CNNVD-201806-394 // NVD: CVE-2018-0321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0321
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0321
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201806-394
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118523
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0321
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0321
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-118523
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0321
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118523 // VULMON: CVE-2018-0321 // JVNDB: JVNDB-2018-006116 // CNNVD: CNNVD-201806-394 // NVD: CVE-2018-0321

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-118523 // JVNDB: JVNDB-2018-006116 // NVD: CVE-2018-0321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-394

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006116

PATCH

title:	cisco-sa-20180606-prime-rmi	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi	Trust: 0.8
title:	Cisco Prime Collaboration Provisioning Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80741	Trust: 0.6
title:	Cisco: Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180606-prime-rmi	Trust: 0.1

sources: VULMON: CVE-2018-0321 // JVNDB: JVNDB-2018-006116 // CNNVD: CNNVD-201806-394

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0321	Trust: 2.9
db:	BID	id:	104409	Trust: 2.1
db:	SECTRACK	id:	1041085	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-006116	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-394	Trust: 0.7
db:	VULHUB	id:	VHN-118523	Trust: 0.1
db:	VULMON	id:	CVE-2018-0321	Trust: 0.1

sources: VULHUB: VHN-118523 // VULMON: CVE-2018-0321 // BID: 104409 // JVNDB: JVNDB-2018-006116 // CNNVD: CNNVD-201806-394 // NVD: CVE-2018-0321

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-rmi	Trust: 2.1
url:	http://www.securityfocus.com/bid/104409	Trust: 1.8
url:	http://www.securitytracker.com/id/1041085	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0321	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0321	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/144417	Trust: 0.1

sources: VULHUB: VHN-118523 // VULMON: CVE-2018-0321 // BID: 104409 // JVNDB: JVNDB-2018-006116 // CNNVD: CNNVD-201806-394 // NVD: CVE-2018-0321

CREDITS

Cisco.

Trust: 0.3

sources: BID: 104409

SOURCES

db:	VULHUB	id:	VHN-118523
db:	VULMON	id:	CVE-2018-0321
db:	BID	id:	104409
db:	JVNDB	id:	JVNDB-2018-006116
db:	CNNVD	id:	CNNVD-201806-394
db:	NVD	id:	CVE-2018-0321

LAST UPDATE DATE

2024-11-23T22:34:15.498000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118523	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0321	date:	2019-10-09T00:00:00
db:	BID	id:	104409	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006116	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-394	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0321	date:	2024-11-21T03:37:58.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118523	date:	2018-06-07T00:00:00
db:	VULMON	id:	CVE-2018-0321	date:	2018-06-07T00:00:00
db:	BID	id:	104409	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006116	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-394	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0321	date:	2018-06-07T12:29:00.683