CVE-2018-0391
Last modified
CVE-2018-0391 is a vulnerability of currently unknown severity. A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. EPSS estimates a 2.71% chance of exploitation in the next 30 days.
Description
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration | 12.1 |
| Cisco | Prime Collaboration Provisioning | <= 12.2 |
References
- http://www.securityfocus.com/bid/104942Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041409Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/104942Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041409Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-0391?
How severe is CVE-2018-0391?
How do I fix CVE-2018-0391?
Are you affected by CVE-2018-0391?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST