Main Vulnerability Database Vulnerabilities #VU13209

#VU13209 Security restrictions bypass in Cisco Prime Collaboration Provisioning - CVE-2018-0321

Published: June 7, 2018

Vulnerability identifier: #VU13209

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0321

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Prime Collaboration Provisioning

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass security restrictions and access the Java Remote Method Invocation (RMI) system.

The vulnerability exists in Cisco Prime Collaboration Provisioning (PCP) due to an open port in the Network Interface and Configuration Engine (NICE) service. A remote attacker can access the open RMI system on an affected PCP instance and perform malicious actions that affect PCP and the devices that are connected to it.

Remediation

Update to version 12.1.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access