Sign-up

ID

VAR-201806-1007


CVE

CVE-2018-0322


TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-006117

DESCRIPTION

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779. Vendors have confirmed this vulnerability Bug ID CSCvd61779 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 2.07

sources: NVD: CVE-2018-0322 // JVNDB: JVNDB-2018-006117 // BID: 104443 // VULHUB: VHN-118524 // VULMON: CVE-2018-0322

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:lteversion:12.1

Trust: 1.8

vendor:ciscomodel:prime collaborationscope:lteversion:12.1

Trust: 1.0

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.1

Trust: 0.9

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 0.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.2

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

sources: BID: 104443 // JVNDB: JVNDB-2018-006117 // CNNVD: CNNVD-201806-393 // NVD: CVE-2018-0322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0322
value: HIGH

Trust: 1.0

NVD: CVE-2018-0322
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-393
value: HIGH

Trust: 0.6

VULHUB: VHN-118524
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0322
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0322
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118524
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0322
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118524 // VULMON: CVE-2018-0322 // JVNDB: JVNDB-2018-006117 // CNNVD: CNNVD-201806-393 // NVD: CVE-2018-0322

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-862

Trust: 1.1

sources: VULHUB: VHN-118524 // JVNDB: JVNDB-2018-006117 // NVD: CVE-2018-0322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-393

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-393

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006117

PATCH
title:cisco-sa-20180606-prime-accessurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80740
Trust: 0.6
title:Cisco: Cisco Prime Collaboration Provisioning Access Control Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180606-prime-access
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0322 // 
            
            
            
            JVNDB: JVNDB-2018-006117 // 
            
            
            
            CNNVD: CNNVD-201806-393

EXTERNAL IDS
db:NVDid:CVE-2018-0322
Trust: 2.9
db:BIDid:104443
Trust: 2.1
db:SECTRACKid:1041064
Trust: 1.8
db:JVNDBid:JVNDB-2018-006117
Trust: 0.8
db:CNNVDid:CNNVD-201806-393
Trust: 0.7
db:VULHUBid:VHN-118524
Trust: 0.1
db:VULMONid:CVE-2018-0322
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118524 // 
            
            
            
            VULMON: CVE-2018-0322 // 
            
            
            
            BID: 104443 // 
            
            
            
            JVNDB: JVNDB-2018-006117 // 
            
            
            
            CNNVD: CNNVD-201806-393 // 
            
            
            
            NVD: CVE-2018-0322

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-access
Trust: 2.1
url:http://www.securityfocus.com/bid/104443
Trust: 1.9
url:http://www.securitytracker.com/id/1041064
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0322
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0322
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/862.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/144438
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118524 // 
            
            
            
            VULMON: CVE-2018-0322 // 
            
            
            
            BID: 104443 // 
            
            
            
            JVNDB: JVNDB-2018-006117 // 
            
            
            
            CNNVD: CNNVD-201806-393 // 
            
            
            
            NVD: CVE-2018-0322

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104443

SOURCES
db:VULHUBid:VHN-118524
db:VULMONid:CVE-2018-0322
db:BIDid:104443
db:JVNDBid:JVNDB-2018-006117
db:CNNVDid:CNNVD-201806-393
db:NVDid:CVE-2018-0322

LAST UPDATE DATE
2024-11-23T22:45:17.940000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118524date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0322date:2019-10-09T00:00:00
db:BIDid:104443date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006117date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-393date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0322date:2024-11-21T03:37:58.580

SOURCES RELEASE DATE
db:VULHUBid:VHN-118524date:2018-06-07T00:00:00
db:VULMONid:CVE-2018-0322date:2018-06-07T00:00:00
db:BIDid:104443date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006117date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-393date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0322date:2018-06-07T12:29:00.730