SB2018060703 - Multiple vulnerabilities in Cisco Prime Collaboration Provisioning 




Published: June 7, 2018

Security Bulletin ID: SB2018060703
Severity: Low
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) SQL injection (CVE-ID: CVE-2018-0320)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The vulnerability exists in the web framework code of Cisco Prime Collaboration Provisioning (PCP) due to insufficient validation of user-supplied input in SQL queries. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to the vulnerable web application.


2) Privilege escalation (CVE-ID: CVE-2018-0336)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the batch provisioning feature of Cisco Prime Collaboration Provisioning due to insufficient authorization enforcement on batch processing. A remote attacker can upload a batch file, have the batch file processed by the system and escalate their privileges to the Administrator level.


3) Privilege escalation (CVE-ID: CVE-2018-0322)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the web management interface of Cisco Prime Collaboration Provisioning (PCP) due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. A remote attacker can modify critical attributes of higher-privileged accounts on the device and gain elevated privileges on the device.


4) Security restrictions bypass (CVE-ID: CVE-2018-0321)

The vulnerability allows a remote attacker to bypass security restrictions and access the Java Remote Method Invocation (RMI) system.

The vulnerability exists in Cisco Prime Collaboration Provisioning (PCP) due to an open port in the Network Interface and Configuration Engine (NICE) service. A remote attacker can access the open RMI system on an affected PCP instance and perform malicious actions that affect PCP and the devices that are connected to it.


5) Privilege escalation (CVE-ID: CVE-2018-0318)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in the password reset function of Cisco Prime Collaboration Provisioning (PCP) due to insufficient validation of a password reset request. A remote attacker can submit a specially crafted password reset request, change the password for any user and gain administrative-level privileges on the affected system.


6) Privilege escalation (CVE-ID: CVE-2018-0319)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) due to insufficient validation of a password recovery request. A remote attacker can submit a specially crafted password recovery request, change the password for any user and gain administrative-level privileges on the affected system.


7) Privilege escalation (CVE-ID: CVE-2018-0317)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning (PCP) due to insufficient web portal access control checks. A remote attacker can modify an access request, promote their account to any role defined on the system and gain elevated privileges.


8) Information disclosure (CVE-ID: CVE-2018-0335)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The vulnerability exists in the web portal authentication process of Cisco Prime Collaboration Provisioning due to improper logging of authentication data. A local attacker can monitor a specific file for this authentication data and gain authentication information for other users.


Remediation

Install the update from the vendor's website.