Access Control Vulnerability in Cisco Prime Collaboration Provisioning
CVE-2018-0322

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Unknown
Vendor
CVE Published:
7 June 2018

Summary

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning enables an authenticated remote attacker to alter sensitive account data associated with any accounts on the device. This is due to a lack of proper access control measures on the Help Desk and User Provisioning roles assigned to authenticated users. The improper enforcement of these access restrictions could permit an attacker to modify critical attributes of accounts with higher privileges, potentially leading to unauthorized access and elevated privileges within the application. This affects Cisco Prime Collaboration Provisioning versions 12.1 and earlier.

Affected Version(s)

Cisco Prime Collaboration Provisioning unknown Cisco Prime Collaboration Provisioning unknown

References

http://www.securitytracker.com/id/1041064
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104443
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.