Privilege Escalation Vulnerability in Cisco Prime Collaboration Provisioning
CVE-2018-0317

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Unknown
Vendor
CVE Published:
7 June 2018

Summary

A vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning that allows an authenticated, remote attacker to escalate privileges. This issue arises from inadequate access controls in the web portal. By manipulating an access request, an attacker may elevate their account permissions to roles defined within the system. This vulnerability impacts Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and earlier versions.

Affected Version(s)

Cisco Prime Collaboration Provisioning unknown Cisco Prime Collaboration Provisioning unknown

References

http://www.securitytracker.com/id/1041080
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104432
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.