Privilege escalation in Cisco Prime Collaboration Provisioning - CVE-2018-0336

 


Published: June 7, 2018


Vulnerability identifier: #VU13207
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0336
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Collaboration Provisioning

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the batch provisioning feature of Cisco Prime Collaboration Provisioning due to insufficient authorization enforcement on batch processing. A remote authenticated attacker can upload a batch file, have the system process it, and escalate their privileges to the Administrator level.


How to mitigate CVE-2018-0336

Install the update from the vendor's website.
