VAR-201810-0576
Vulnerability from variot - Updated: 2023-12-18 13:23A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. Cisco Prime Collaboration Provisioning is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Versions prior to Cisco Prime Collaboration Provisioning 12.1 are vulnerable. This issue is being tracked by Cisco Bug ID CSCvd86564. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments. A trust management vulnerability exists in the installation functionality in Cisco PCP releases prior to 12.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime collaboration",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "prime collaboration",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
}
],
"sources": [
{
"db": "BID",
"id": "105942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_collaboration:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "105942"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-15389",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125643",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15389",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15389",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-184",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125643",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125643"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. Cisco Prime Collaboration Provisioning is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. \nVersions prior to Cisco Prime Collaboration Provisioning 12.1 are vulnerable. \nThis issue is being tracked by Cisco Bug ID CSCvd86564. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments. A trust management vulnerability exists in the installation functionality in Cisco PCP releases prior to 12.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "BID",
"id": "105942"
},
{
"db": "VULHUB",
"id": "VHN-125643"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15389",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184",
"trust": 0.7
},
{
"db": "BID",
"id": "105942",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-125643",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125643"
},
{
"db": "BID",
"id": "105942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"id": "VAR-201810-0576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125643"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:56.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20181003-cpcp-password",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-cpcp-password"
},
{
"title": "Cisco Prime Collaboration Provisioning Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85398"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125643"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-cpcp-password"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15389"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15389"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125643"
},
{
"db": "BID",
"id": "105942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125643"
},
{
"db": "BID",
"id": "105942"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-125643"
},
{
"date": "2018-10-03T00:00:00",
"db": "BID",
"id": "105942"
},
{
"date": "2019-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"date": "2018-10-05T14:29:07.560000",
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"date": "2018-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125643"
},
{
"date": "2018-10-03T00:00:00",
"db": "BID",
"id": "105942"
},
{
"date": "2019-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012990"
},
{
"date": "2019-10-09T23:35:30.640000",
"db": "NVD",
"id": "CVE-2018-15389"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Collaboration Provisioning Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-184"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…