CVE-2018-15389
published 2018-10-05CVE-2018-15389: A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_prime_collaboration_provisioning | — | — |
| cisco | prime_collaboration | — | — |
| cisco | prime_collaboration_provisioning_intermittent_hard-coded_password | — | — |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1.1+deb9u5build0.16.04.1 | 2.1.2-1.1+deb9u5build0.16.04.1 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH