CVE-2018-15389
Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.
Una vulnerabilidad en la función de instalación de Cisco Prime Collaboration Provisioning (PCP) podría permitir que un atacante remoto no autenticado acceda a la interfaz web de administración mediante un usuario y contraseña por defecto embebidos empleados durante la instalación. La vulnerabilidad se debe a una contraseña embebida que, en algunos casos, no se reemplaza con una contraseña única. Su explotación con éxito podría permitir que el atacante acceda a la interfaz web de administración con privilegios de nivel administrador.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-17 CVE Reserved
- 2018-10-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Prime Collaboration Search vendor "Cisco" for product "Prime Collaboration" | 12.1 Search vendor "Cisco" for product "Prime Collaboration" and version "12.1" | - |
Affected
|