CVE-2018-0336 — Missing Authorization in Cisco Prime Collaboration
Severity
8.8HIGHNVD
EPSS
1.2%
top 21.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 7
Latest updateMay 13
Description
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisc…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-2cmf-8qcc-8v59: A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate↗2022-05-13
CVEList▶
CVE-2018-0336: A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate↗2018-06-07
📋Vendor Advisories
1Cisco▶
Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability↗2018-06-06
💬Community
5Bugzilla▶
CVE-2014-8183 foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization↗2017-08-12
Bugzilla
▶