CVE-2018-0321

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
2.6%
top 14.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Prime CollaborationCisco Prime Collaboration AssuranceCisco Prime Collaboration Provisioning
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5cisco_prime_collaboration_provisioning_unknownCisco Prime Collaboration Provisioning unknown

🔴Vulnerability Details

2
GHSA
GHSA-33wg-wpq3-mx7x: A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invoc2022-05-13
CVEList
CVE-2018-0321: A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invoc2018-06-07

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability2018-06-06