CVE-2018-0336

HIGH

Cisco Prime Collaboration Provisioning - Authenticated Privilege Escalation via Batch File Processing

Title source: llm
STIX 2.1

Description

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104429
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041083

Scores

CVSS v3 8.8
EPSS 0.0242
EPSS Percentile 82.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-264 CWE-862
Status published
Products (1)
cisco/prime_collaboration 12.1
Published Jun 07, 2018
Tracked Since Feb 18, 2026