
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN093
_____________________________________________________________________

DATE                : 08/03/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Prime Collaboration
                        Provisioning software version 11.6.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp
_____________________________________________________________________

Cisco Security Advisory: Cisco Prime Collaboration Provisioning
Hard-Coded Password Vulnerability

Advisory ID: cisco-sa-20180307-cpcp

Revision: 1.0

For Public Release: 2018 March 7 16:00 GMT

Last Updated: 2018 March 7 16:00 GMT

CVE ID(s): CVE-2018-0141

CVSS Score v(3): 5.9 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+---------------------------------------------------------------------

Summary
=======
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software
could allow an unauthenticated, local attacker to log in to the
underlying Linux operating system.

The vulnerability is due to a hard-coded account password on the system.
An attacker could exploit this vulnerability by connecting to the
affected system via Secure Shell (SSH) using the hard-coded credentials.
A successful exploit could allow the attacker to access the underlying
operating system as a low-privileged user. After low-level privileges
are gained, the attacker could elevate to root privileges and take full
control of the device.

Note: Although this vulnerability has a Common Vulnerability Scoring
System (CVSS) Base score of 5.9, which is normally assigned a Security
Impact Rating (SIR) of Medium, there are extenuating circumstances that
allow an attacker to elevate privileges to root. For these reasons, the
SIR has been set to Critical.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





