CVE-2018-0141

CWE-798Hard-coded Credentials4 documents4 sources
Severity
8.4HIGH
EPSS
0.1%
top 73.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Prime CollaborationCisco Prime Collaboration AssuranceCisco Prime Collaboration Provisioning
Timeline
PublishedMar 8
Latest updateMay 13

Description

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged use

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages4 packages

CVEListV5cisco_prime_collaboration_provisioningCisco Prime Collaboration Provisioning

🔴Vulnerability Details

2
GHSA
GHSA-mx4m-2wwh-7g8m: A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 112022-05-13
CVEList
CVE-2018-0141: A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 112018-03-08

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability2018-03-08