You are here
Home > Preporuke > Ranjivost Cisco Prime Collaboration Provisioning aplikacije

Ranjivost Cisco Prime Collaboration Provisioning aplikacije

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

Advisory ID: cisco-sa-20180606-prime-bypass

Revision: 1.0

For Public Release: 2018 June 6 16:00 GMT

Last Updated: 2018 June 6 16:00 GMT

CVE ID(s): CVE-2018-0317

CVSS Score v(3): 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges.

The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an access request. An exploit could allow the attacker to promote their account to any role defined on the system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbGAZNXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczYD0P/iWNO3CrVEExDo1CjuB/aV9fryai
/ZGBLYEXyIM4Iz5UuMdBg0jENZwOLuMuoOPSfyr6npTLsHxqTUBauMbyWXasaI2s
ZtqSRznNcRK7ySOsVbpOsmAnsQ6AYfo6FETOophq4x8ebt5Df5vbnZN/CP/uieVP
grfaXRqVzKgSTmqHF7XBhLhQh2cRmA76EzAi4GGHZcegKSPMRRuZjVyklFlqX/M0
ll2osca2jj0BtcRYMTkTd59L8RoEk3M5HnfoM7JSjES3T97/m7aPLquwxFdZaGhB
Y/vvBriHt+fgPXt+tQ1M2lCu3gu5gr2m4om77JOh6METQQbWAuCw4yjbuS175gzs
MDjeoAfH5RkmpCDuhgfJsPhVTy9r5Dzrdbi5XYhCymIoAF5Dw9nfo6T1+iqgY5DK
QBcBrsSPQiUelivh/M6rkpTgfIT6qA6OaSLmj7Qeo+jasZrjutZSvBIjOenVKVh+
dfj9T7+XZ8anPmY9b80hE/xegZcErCelLdU/ee+OCPd5P+lvOtsJDfO3DOytXk/f
R9jq8isnQJR8//DykkVRtzKDaKdGtV6y5plwweVSzLItTD1WO89l2nj2zUQGgYZN
TDp0heKtU8RoyjMrxgDiQv/+W2rTgoLXLhvtXtiyvrsJaiLrJ6hZJ0sLVZyQqCnn
/c8Qu5tOzOXBC3qQ
=ZxO/
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorAndrej Sefic
Cert idNCERT-REF-2018-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top