It affects only version 11.6 of the software, and has been now fixed in releases 12.1 and later. And so the flaw is deemed to be critical. While the vulnerability can’t be exploited remotely and only allows low-privilege access, “there are extenuating circumstances that allow an attacker to elevate privileges to root,” they noted. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device,” the company explained. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. “An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. The vulnerability (CVE-2018-0141) in the Cisco Prime Collaboration Provisioning software was found during internal security testing and is due to a hard-coded account password on the system. Cisco has pushed out fixes for security vulnerabilities in a wide variety of its products, including two critical flaws in its Secure Access Control System (ACS) and its Prime Collaboration Provisioning (PCP) software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |