Sign-up

ID

VAR-201808-0296


CVE

CVE-2018-0391


TITLE

Cisco Prime Collaboration Provisioning Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008934

DESCRIPTION

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586. Vendors have confirmed this vulnerability Bug ID CSCvd86586 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0391 // JVNDB: JVNDB-2018-008934 // BID: 104942 // VULHUB: VHN-118593

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:lteversion:12.2

Trust: 1.8

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.2

Trust: 0.9

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.2

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:neversion:12.3

Trust: 0.3

sources: BID: 104942 // JVNDB: JVNDB-2018-008934 // CNNVD: CNNVD-201808-015 // NVD: CVE-2018-0391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0391
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0391
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-015
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118593
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0391
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118593
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0391
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118593 // JVNDB: JVNDB-2018-008934 // CNNVD: CNNVD-201808-015 // NVD: CVE-2018-0391

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118593 // JVNDB: JVNDB-2018-008934 // NVD: CVE-2018-0391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-015

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-015

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008934

PATCH
title:cisco-sa-20180801-pcp-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82768
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008934 // 
            
            
            
            CNNVD: CNNVD-201808-015

EXTERNAL IDS
db:NVDid:CVE-2018-0391
Trust: 2.8
db:BIDid:104942
Trust: 2.0
db:SECTRACKid:1041409
Trust: 1.7
db:JVNDBid:JVNDB-2018-008934
Trust: 0.8
db:CNNVDid:CNNVD-201808-015
Trust: 0.7
db:VULHUBid:VHN-118593
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118593 // 
            
            
            
            BID: 104942 // 
            
            
            
            JVNDB: JVNDB-2018-008934 // 
            
            
            
            CNNVD: CNNVD-201808-015 // 
            
            
            
            NVD: CVE-2018-0391

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180801-pcp-dos
Trust: 2.0
url:http://www.securityfocus.com/bid/104942
Trust: 1.7
url:http://www.securitytracker.com/id/1041409
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0391
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0391
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118593 // 
            
            
            
            BID: 104942 // 
            
            
            
            JVNDB: JVNDB-2018-008934 // 
            
            
            
            CNNVD: CNNVD-201808-015 // 
            
            
            
            NVD: CVE-2018-0391

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104942

SOURCES
db:VULHUBid:VHN-118593
db:BIDid:104942
db:JVNDBid:JVNDB-2018-008934
db:CNNVDid:CNNVD-201808-015
db:NVDid:CVE-2018-0391

LAST UPDATE DATE
2024-11-23T23:08:36.668000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118593date:2019-10-09T00:00:00
db:BIDid:104942date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-008934date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-201808-015date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0391date:2024-11-21T03:38:07.887

SOURCES RELEASE DATE
db:VULHUBid:VHN-118593date:2018-08-01T00:00:00
db:BIDid:104942date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-008934date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-201808-015date:2018-08-02T00:00:00
db:NVDid:CVE-2018-0391date:2018-08-01T20:29:00.263