Sign-up

ID

VAR-201810-0576


CVE

CVE-2018-15389


TITLE

Cisco Prime Collaboration Provisioning Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-012990

DESCRIPTION

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges. Cisco Prime Collaboration Provisioning is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Versions prior to Cisco Prime Collaboration Provisioning 12.1 are vulnerable. This issue is being tracked by Cisco Bug ID CSCvd86564. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments. A trust management vulnerability exists in the installation functionality in Cisco PCP releases prior to 12.1

Trust: 1.98

sources: NVD: CVE-2018-15389 // JVNDB: JVNDB-2018-012990 // BID: 105942 // VULHUB: VHN-125643

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 1.6

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.2

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.1

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:11.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.6

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.5

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:10.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:neversion:12.1

Trust: 0.3

sources: BID: 105942 // JVNDB: JVNDB-2018-012990 // CNNVD: CNNVD-201810-184 // NVD: CVE-2018-15389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15389
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15389
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-184
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125643
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15389
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125643
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15389
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125643 // JVNDB: JVNDB-2018-012990 // CNNVD: CNNVD-201810-184 // NVD: CVE-2018-15389

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

problemtype:CWE-798

Trust: 1.1

sources: VULHUB: VHN-125643 // JVNDB: JVNDB-2018-012990 // NVD: CVE-2018-15389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-184

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012990

PATCH
title:cisco-sa-20181003-cpcp-passwordurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Repair measures for trust management vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85398
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012990 // 
            
            
            
            CNNVD: CNNVD-201810-184

EXTERNAL IDS
db:NVDid:CVE-2018-15389
Trust: 2.8
db:JVNDBid:JVNDB-2018-012990
Trust: 0.8
db:CNNVDid:CNNVD-201810-184
Trust: 0.7
db:BIDid:105942
Trust: 0.3
db:VULHUBid:VHN-125643
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125643 // 
            
            
            
            BID: 105942 // 
            
            
            
            JVNDB: JVNDB-2018-012990 // 
            
            
            
            CNNVD: CNNVD-201810-184 // 
            
            
            
            NVD: CVE-2018-15389

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-cpcp-password
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15389
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15389
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125643 // 
            
            
            
            BID: 105942 // 
            
            
            
            JVNDB: JVNDB-2018-012990 // 
            
            
            
            CNNVD: CNNVD-201810-184 // 
            
            
            
            NVD: CVE-2018-15389

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 105942

SOURCES
db:VULHUBid:VHN-125643
db:BIDid:105942
db:JVNDBid:JVNDB-2018-012990
db:CNNVDid:CNNVD-201810-184
db:NVDid:CVE-2018-15389

LAST UPDATE DATE
2024-11-23T22:00:16.466000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125643date:2019-10-09T00:00:00
db:BIDid:105942date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-012990date:2019-02-12T00:00:00
db:CNNVDid:CNNVD-201810-184date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15389date:2024-11-21T03:50:40.977

SOURCES RELEASE DATE
db:VULHUBid:VHN-125643date:2018-10-05T00:00:00
db:BIDid:105942date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-012990date:2019-02-12T00:00:00
db:CNNVDid:CNNVD-201810-184date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15389date:2018-10-05T14:29:07.560