—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
Advisory ID: cisco-sa-20180606-prime-bypass
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0317
CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.
The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbGAZNXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczYD0P/iWNO3CrVEExDo1CjuB/aV9fryai
/ZGBLYEXyIM4Iz5UuMdBg0jENZwOLuMuoOPSfyr6npTLsHxqTUBauMbyWXasaI2s
ZtqSRznNcRK7ySOsVbpOsmAnsQ6AYfo6FETOophq4x8ebt5Df5vbnZN/CP/uieVP
grfaXRqVzKgSTmqHF7XBhLhQh2cRmA76EzAi4GGHZcegKSPMRRuZjVyklFlqX/M0
ll2osca2jj0BtcRYMTkTd59L8RoEk3M5HnfoM7JSjES3T97/m7aPLquwxFdZaGhB
Y/vvBriHt+fgPXt+tQ1M2lCu3gu5gr2m4om77JOh6METQQbWAuCw4yjbuS175gzs
MDjeoAfH5RkmpCDuhgfJsPhVTy9r5Dzrdbi5XYhCymIoAF5Dw9nfo6T1+iqgY5DK
QBcBrsSPQiUelivh/M6rkpTgfIT6qA6OaSLmj7Qeo+jasZrjutZSvBIjOenVKVh+
dfj9T7+XZ8anPmY9b80hE/xegZcErCelLdU/ee+OCPd5P+lvOtsJDfO3DOytXk/f
R9jq8isnQJR8//DykkVRtzKDaKdGtV6y5plwweVSzLItTD1WO89l2nj2zUQGgYZN
TDp0heKtU8RoyjMrxgDiQv/+W2rTgoLXLhvtXtiyvrsJaiLrJ6hZJ0sLVZyQqCnn
/c8Qu5tOzOXBC3qQ
=ZxO/
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com