Vulnerability Details : CVE-2018-0336
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.
Products affected by CVE-2018-0336
- cpe:2.3:a:cisco:prime_collaboration:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0336
- 0.19%: probability of exploitation activity in the next 30 days
- ~57%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0336
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-0336
- Assigned by: ykramarz@cisco.com (Secondary)
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0336
- http://www.securitytracker.com/id/1041083
  Cisco Prime Collaboration Provisioning Batch Provisioning Bug Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation
  Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/104429
  Cisco Prime Collaboration Provisioning CVE-2018-0336 Remote Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)