- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability
Advisory ID: cisco-sa-20180606-prime-password-recovery
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0319
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+———————————————————————
Summary
=======
A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbGAZSXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz5e8QAMVgwo36elv7+gcbI9iQBh9j9udb
4ymGMJreQ7lRg9/wbzn0ebeOYdceCoIxUArnd7Vd5VbwCBcxFxdAUqqWfxEbO+Aw
8n/cXj+4gZUXiJvD4R7wQs6xLrTQ8TotwHiLaKhjj43wleEzx8WkrG142sYYFCrK
T+pFgw76MGSUgINypM/1lkigdVei7PT5y4ZXpExRXYIQ72Re/d+Tj5frElYe7JFb
yA2cmRKkr6Lri0FNJusIsONkrrwaWW1N+gdJxxR19N3ek6E+MvLRlpEadmX2IIWz
Zb9ikISFGT5ibbzbG1Zd+lWdaUvM9L0RRv8JdxBjnmLk8xf72Az+F8wGmPmzf6NH
+Oy5pvzpbFR4MzgzyR8qJu1vdnBekxgfAbUkUpW1IyoPfqWUNoRGBAP6i1HS16zk
UmTb9BAE7/5Dp12ceQp4qjb1wKzibilqkY41dl90fm7i3U5E1C7Ug37i1c3P86nr
QDKjQOK+n6q9FjTAJawBZ7uUeyBAZoPo4Rx++TPrGVQQdk8b2mUxBV3jJI0ZKt7z
DvVBzGnapzZtlPs7uKG7FKKLe/IJY6hE1d5PY+zwnTH7M3+XrsWHJ/tTxW588kFi
zcNggEccCseY5UGvXJnF4o2qgD77rimyW0c4tPFHG7mwDKoyNwiPpr5friqK058P
NlPJo+aBysz0w+dP
=P07E
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Andrej Sefic |
| Cert id | NCERT-REF-2018-06-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
