A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local malicious user to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the malicious user to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982.

Vulnerable Product |
---|
cisco prime collaboration provisioning 11.6 |
cisco prime collaboration 11.6 |
cisco prime collaboration assurance 11.6 |

Two critical vulnerabilities among 20 patches
Cisco's security developers have served up a parcel of patches. First up, there's a gem in Switchzilla's Secure Access Control System. The ACS (which ceased sale in August 2017) is a hardware-based login gatekeeper, and it's got a remotely-pwnable Java deserialisation bug. Cisco's notice for CVE-2018-0147 says an attacker could exploit the bug with a crafted Java object, and gain root privilege. The bug affects all units running software up to version 5.8 patch 9, and fortunately while no longer...