CVE-2018-0336

CVE Database · CVE-2018-0336

CVE-2018-0336

· N/AModified

CVSS v3.1

N/A

EPSS

2.42%

Published

Jun 7, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.

Weaknesses (CWE)

CWE-264CWE-862

Affected Products (1)

cisco · prime_collaborationvulnerable

References (6)

http://www.securityfocus.com/bid/104429

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041083

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation

Vendor Advisory

http://www.securityfocus.com/bid/104429

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041083

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation

KEV Catalog EPSS Scores Vendors All CVEs