CVE-2018-0336

Name: CVE-2018-0336
Creator: NVD / NIST
Published: 2018-06-07T21:29:00.587+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.42%

Last modified Jun 17, 2026

CVE-2018-0336 is a vulnerability of currently unknown severity. A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. EPSS estimates a 2.42% chance of exploitation in the next 30 days.

Description

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.

Metrics

EPSS Probability

2.42%

82.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Prime Collaboration	12.1

References

http://www.securityfocus.com/bid/104429Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041083Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalationVendor Advisory
http://www.securityfocus.com/bid/104429Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1041083Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalationVendor Advisory

Timeline

Published: Jun 7, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0336?

How severe is CVE-2018-0336?

Severity scoring for CVE-2018-0336 is pending analysis. The EPSS model estimates a 2.42% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0336?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0336?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST