CVE-2018-0318

CWE-255CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
3.3%
top 12.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime CollaborationCisco Prime Collaboration Provisioning
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco_prime_collaboration_provisioning_unknownCisco Prime Collaboration Provisioning unknown

🔴Vulnerability Details

2
GHSA
GHSA-57mr-h9qw-9p64: A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain2022-05-13
CVEList
CVE-2018-0318: A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain2018-06-07

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability2018-06-06