—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
Advisory ID: cisco-sa-20181003-cpcp-password
Revision: 1.0
For Public Release: 2018 October 3 16:00 GMT
Last Updated: 2018 October 3 16:00 GMT
CVE ID(s): CVE-2018-15389
CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.
The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbtOquXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz+8EP/RtzvpbJDAElXzDU02uWytMoM8Gj
mug8wW+3l9ZBbB9LkKVs//bxzHMuKPykzpIO2N5CRgHxiK5HfWlZQoxJJH4Fswcg
8MsYZEjCPz+h6vSL3e2LikilQ3BF9pcLIJXwOR1uOPTQ2O5SszXBRGw+x0sXWa4J
jPec3ClFG9vmgWf7CFV9dqzLnoOpTynFGruwgQdf69Wf8zinghZJeMFnGGuJuFIP
rCRM2Pxee2qQEawe+FxfG8FqvZYdGMWlcUxM/7vf8+Gw89FZnxZhMqefOf7St9lT
4vzKC4ZfwifTNUILYHbaq/CjVqEpV/6khLLhpEvDIW+o++/ud4b7i9WCVVaoi/Ve
ZJoVB6mE/pmmvaA16T+1/Sm4hLRmZXDsv4sc2I45ryc4taKYQ8DjPT6Wllug5c54
NkPw+1rBXqpYeOUpJM398EMBd9ukzFD+LXoYiFITtsc4AX/OXPEEQqs1n8+kQ9zj
t606zYOkG4Y4bQa308HdCByliLpmAfScEdvbYMWvBwmCstea588NfU4Qk7rzZs5C
1IsSz8VvRlOId8nsOn383394EyI1+DUUr6odzhQuqigKQTNh+xYsVEh9pMNN+lGH
RoGX/aahrX7Vs65ojk+bEQ9VOkPV+THkoGybrFtg0zAkUIK9Tj0tGQJjSn99cU9d
bskRXKps05/CmUbC
=gEqa
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com