CVE-2018-15389

CVE Database · CVE-2018-15389

CVE-2018-15389

· N/AModified

CVSS v3.1

N/A

EPSS

1.51%

Published

Oct 5, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded password that, in some cases, is not replaced with a unique password. A successful exploit could allow the attacker to access the administrative web interface with administrator-level privileges.

Weaknesses (CWE)

CWE-255CWE-798

Affected Products (1)

cisco · prime_collaborationvulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs