—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability

Advisory ID: cisco-sa-20180307-cpcp

Revision: 1.0

For Public Release: 2018 March 7 16:00 GMT

Last Updated: 2018 March 7 16:00 GMT

CVE ID(s): CVE-2018-0141

CVSS Score v(3): 5.9 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+———————————————————————

Summary
=======
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software could allow an unauthenticated, local attacker to log in to the underlying Linux operating system.

The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.

Note: Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJaoA/nXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcziWsQALgMDaBc/JUQl/4Ny3rudoGw7YKQ
I40vE4rmhyf4228ZE8E8t6S+nmCHfxSE6MjaSASQo/aA6aueJydypz3kX2nMT+Jg
mdTEd5msBZ0YTvsbcKeiDGPRTrgU7DRuit44HHLrMSPF/+GTwGHGay36S2mETaaN
Pb2ktI6fqTq6nL9uiYqGzCdy4oLAhVA+m+MGoZWFQGwiNylSY8wbEu6Ji35Xe1nV
t3rpt012mB+UVmpaeDqqfN8to28tFQFnkHuEjl1PrbN9zazyhixFHzbUIhxMfrCf
6cyol/WcF3wqf9aLpgOreByMxKhRRc8RH0JAcNYi9mZA/JJxo9YVXjGGSeoCoNGQ
Zxh3N/zFd7JpYw1Do+YIXxK/aN6XUG9szXgqbrzEOQI622Ex7vpda3j5fMkjowWo
yIfp9jRINNlWQ7frDSvkcNsbtkF4h6IwdOc4oVrgLK/ixdg1c3ierzoacVSsSfgP
rFJk1xZ0uOGuoIpxUZejC/R07dihn149nTGhAZvsPrr/z9i7w87OsT3S+4GUStES
UVppatNbLv/W/oClxLM+gjpBjqYroWUQV5UK1HTZpvFognUA9WudgxzxoSaeSsf7
MuaEJ1bDIBoI8g7JhjI5p8FhwUdZN9OdJzx6iCQip+OqvzWDBVP2M3RUJg7ob5JB
YFxVRx1cpqnp2+DS
=AqzZ
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com