You are here
Home > Preporuke > Ranjivost Cisco Prime Collaboration Provisioning softvera

Ranjivost Cisco Prime Collaboration Provisioning softvera

by Marina Dimic Vugec - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

Advisory ID: cisco-sa-20181003-cpcp-password

Revision: 1.0

For Public Release: 2018 October 3 16:00 GMT

Last Updated: 2018 October 3 16:00 GMT

CVE ID(s): CVE-2018-15389

CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.

The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbtOquXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz+8EP/RtzvpbJDAElXzDU02uWytMoM8Gj
mug8wW+3l9ZBbB9LkKVs//bxzHMuKPykzpIO2N5CRgHxiK5HfWlZQoxJJH4Fswcg
8MsYZEjCPz+h6vSL3e2LikilQ3BF9pcLIJXwOR1uOPTQ2O5SszXBRGw+x0sXWa4J
jPec3ClFG9vmgWf7CFV9dqzLnoOpTynFGruwgQdf69Wf8zinghZJeMFnGGuJuFIP
rCRM2Pxee2qQEawe+FxfG8FqvZYdGMWlcUxM/7vf8+Gw89FZnxZhMqefOf7St9lT
4vzKC4ZfwifTNUILYHbaq/CjVqEpV/6khLLhpEvDIW+o++/ud4b7i9WCVVaoi/Ve
ZJoVB6mE/pmmvaA16T+1/Sm4hLRmZXDsv4sc2I45ryc4taKYQ8DjPT6Wllug5c54
NkPw+1rBXqpYeOUpJM398EMBd9ukzFD+LXoYiFITtsc4AX/OXPEEQqs1n8+kQ9zj
t606zYOkG4Y4bQa308HdCByliLpmAfScEdvbYMWvBwmCstea588NfU4Qk7rzZs5C
1IsSz8VvRlOId8nsOn383394EyI1+DUUr6odzhQuqigKQTNh+xYsVEh9pMNN+lGH
RoGX/aahrX7Vs65ojk+bEQ9VOkPV+THkoGybrFtg0zAkUIK9Tj0tGQJjSn99cU9d
bskRXKps05/CmUbC
=gEqa
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Marina Dimic Vugec
Top
More in Preporuke
Ranjivost Cisco Digital Network Architecture Center softvera

Otkrivena je ranjivost u servisu upravljanja identitetima kod Cisco Digital Network Architecture Center (DNA) softvera uzrokovana nedovoljnim sigurnosnim ograničenjima nad...

Close