Password Recovery Flaw in Cisco Prime Collaboration Provisioning
CVE-2018-0319

9.8CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Unknown
Vendor
CVE Published:
7 June 2018

Summary

A security flaw exists in the password recovery mechanism of Cisco Prime Collaboration Provisioning, which could be exploited by an unauthenticated remote attacker. The vulnerability arises from insufficient validation of password recovery requests, allowing attackers to modify any user's password. By leveraging this flaw, an attacker could gain administrative privileges on affected systems, posing a significant risk to organizations using vulnerable versions of Cisco Prime Collaboration Provisioning.

Affected Version(s)

Cisco Prime Collaboration Provisioning unknown Cisco Prime Collaboration Provisioning unknown

References

http://www.securityfocus.com/bid/104431
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041079
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.