Main Vulnerability Database Vulnerabilities #VU13213

Information disclosure in Cisco Prime Collaboration Provisioning - CVE-2018-0335

Published: June 7, 2018

Vulnerability identifier: #VU13213

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0335

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Prime Collaboration Provisioning

Detailed vulnerability description

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The vulnerability exists in the web portal authentication process of Cisco Prime Collaboration Provisioning due to improper logging of authentication data. A local attacker can monitor a specific file for this authentication data and gain authentication information for other users.

How to mitigate CVE-2018-0335

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id

Information disclosure in Cisco Prime Collaboration Provisioning - CVE-2018-0335

Detailed vulnerability description

How to mitigate CVE-2018-0335

Sources

Please verify you're human