Sign-up

ID

VAR-201806-1016


CVE

CVE-2018-0336


TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-006093

DESCRIPTION

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578. Cisco Prime Collaboration Provisioning Contains vulnerabilities related to authorization, permissions, and access control, and vulnerabilities related to unlimited uploading of dangerous types of files. Vendors have confirmed this vulnerability Bug ID CSCvd86578 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0336 // JVNDB: JVNDB-2018-006093 // BID: 104429 // VULHUB: VHN-118538

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:0

Trust: 0.3

sources: BID: 104429 // JVNDB: JVNDB-2018-006093 // CNNVD: CNNVD-201806-368 // NVD: CVE-2018-0336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0336
value: HIGH

Trust: 1.0

NVD: CVE-2018-0336
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-368
value: HIGH

Trust: 0.6

VULHUB: VHN-118538
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0336
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118538
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0336
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118538 // JVNDB: JVNDB-2018-006093 // CNNVD: CNNVD-201806-368 // NVD: CVE-2018-0336

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-434

Trust: 0.9

sources: VULHUB: VHN-118538 // JVNDB: JVNDB-2018-006093 // NVD: CVE-2018-0336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-368

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201806-368

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006093

PATCH
title:cisco-sa-20180606-prime-escalationurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80723
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006093 // 
            
            
            
            CNNVD: CNNVD-201806-368

EXTERNAL IDS
db:NVDid:CVE-2018-0336
Trust: 2.8
db:BIDid:104429
Trust: 2.0
db:SECTRACKid:1041083
Trust: 1.7
db:JVNDBid:JVNDB-2018-006093
Trust: 0.8
db:CNNVDid:CNNVD-201806-368
Trust: 0.7
db:VULHUBid:VHN-118538
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118538 // 
            
            
            
            BID: 104429 // 
            
            
            
            JVNDB: JVNDB-2018-006093 // 
            
            
            
            CNNVD: CNNVD-201806-368 // 
            
            
            
            NVD: CVE-2018-0336

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-prime-escalation
Trust: 2.0
url:http://www.securityfocus.com/bid/104429
Trust: 1.7
url:http://www.securitytracker.com/id/1041083
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0336
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0336
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118538 // 
            
            
            
            BID: 104429 // 
            
            
            
            JVNDB: JVNDB-2018-006093 // 
            
            
            
            CNNVD: CNNVD-201806-368 // 
            
            
            
            NVD: CVE-2018-0336

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 104429

SOURCES
db:VULHUBid:VHN-118538
db:BIDid:104429
db:JVNDBid:JVNDB-2018-006093
db:CNNVDid:CNNVD-201806-368
db:NVDid:CVE-2018-0336

LAST UPDATE DATE
2024-11-23T22:00:29.281000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118538date:2019-10-09T00:00:00
db:BIDid:104429date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006093date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-368date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0336date:2024-11-21T03:38:00.430

SOURCES RELEASE DATE
db:VULHUBid:VHN-118538date:2018-06-07T00:00:00
db:BIDid:104429date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006093date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-368date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0336date:2018-06-07T21:29:00.587