Cisco Security Advisory: Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability
Advisory ID: cisco-sa-20180606-prime-password-reset
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0318
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset