Cross-Site Scripting Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2018-0205

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Tool
Vendor
CVE Published:
22 February 2018

Summary

A vulnerability in the User Provisioning tab of Cisco's Prime Collaboration Provisioning Tool arises from insufficient input validation. An unauthenticated, remote attacker could exploit this by inserting malicious strings into the database, potentially granting unauthorized access. This allows attackers to execute scripts in the context of the web application, leading to further exploits and data exposure. It is crucial for organizations using this tool to apply fixes and implement security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool

References

http://www.securityfocus.com/bid/103145
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040409
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.