CVE-2018-0335
Severity
7.8HIGH
EPSS
0.4%
top 40.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 7
Latest updateMay 13
Description
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5cisco_prime_collaboration_provisioning_unknownCisco Prime Collaboration Provisioning unknown
🔴Vulnerability Details
2GHSA▶
GHSA-4gxr-h3cg-2j83: A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to v↗2022-05-13
CVEList▶
CVE-2018-0335: A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to v↗2018-06-07
📋Vendor Advisories
1Cisco▶
Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability↗2018-06-06