Vulnerabilities > CVE-2018-0391 - Unspecified vulnerability in Cisco products
Summary
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
Vulnerable Configurations
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20180801-PCP-DOS.NASL |
description | According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is prior to 12.3. It is, therefore, affected by unauthorized password change denial of service vulnerability which could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123521 |
published | 2019-04-01 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123521 |
title | Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability (cisco-sa-20180801-pcp-dos |
References
- http://www.securityfocus.com/bid/104942
- http://www.securityfocus.com/bid/104942
- http://www.securitytracker.com/id/1041409
- http://www.securitytracker.com/id/1041409
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos