CVE-2018-0319

CWE-255CWE-287Improper Authentication6 documents5 sources
Severity
9.8CRITICAL
EPSS
3.3%
top 12.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime CollaborationCisco Prime Collaboration Provisioning
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco_prime_collaboration_provisioning_unknownCisco Prime Collaboration Provisioning unknown

🔴Vulnerability Details

2
GHSA
GHSA-2x7m-3p63-3m3v: A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to g2022-05-13
CVEList
CVE-2018-0319: A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to g2018-06-07

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability2018-06-06

💬Community

2
Bugzilla
CVE-2017-12633 camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks2017-11-15
Bugzilla
CVE-2017-2617 Hawtio: Unrestricted file upload leads to RCE2017-02-05