CVE-2018-0336
First published: Thu Jun 07 2018(Updated: )
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Collaboration | =12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0336?
CVE-2018-0336 is a vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning that allows an authenticated, remote attacker to escalate privileges to the Administrator level.
How severe is CVE-2018-0336?
CVE-2018-0336 has a severity rating of 8.8 (high).
What is the affected software for CVE-2018-0336?
The affected software for CVE-2018-0336 is Cisco Prime Collaboration Provisioning version 12.1.
What is the Common Weakness Enumeration (CWE) for CVE-2018-0336?
The Common Weakness Enumeration (CWE) for CVE-2018-0336 is CWE-862 (Missing Authorization).
How can I fix CVE-2018-0336?
To fix CVE-2018-0336, it is recommended to apply the necessary patches or updates provided by Cisco.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco prime collaboration
- version/cisco prime collaboration/12.1