{"api_version":"1","generated_at":"2026-04-23T09:05:43+00:00","cve":"CVE-2018-0319","urls":{"html":"https://cve.report/CVE-2018-0319","api":"https://cve.report/api/cve/CVE-2018-0319.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-0319","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-0319"},"summary":{"title":"CVE-2018-0319","description":"A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2018-06-07 12:29:00","updated_at":"2019-10-09 23:31:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery","name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104431","name":"104431","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Prime Collaboration Provisioning CVE-2018-0319 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1041079","name":"1041079","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Prime Collaboration Provisioning Password Recovery Flaw Lets Remote Users Modify Arbitrary Passwords - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-0319","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0319","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"319","vulnerable":"1","versionEndIncluding":"12.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"prime_collaboration","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"319","vulnerable":"1","versionEndIncluding":"11.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"prime_collaboration_provisioning","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2018-0319","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco Prime Collaboration Provisioning unknown","version":{"version_data":[{"version_value":"Cisco Prime Collaboration Provisioning unknown"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-255"}]}]},"references":{"reference_data":[{"name":"104431","refsource":"BID","url":"http://www.securityfocus.com/bid/104431"},{"name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery","refsource":"CONFIRM","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery"},{"name":"1041079","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041079"}]}},"nvd":{"publishedDate":"2018-06-07 12:29:00","lastModifiedDate":"2019-10-09 23:31:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:prime_collaboration:*:*:*:*:*:*:*:*","versionEndIncluding":"12.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:prime_collaboration_provisioning:*:*:*:*:*:*:*:*","versionEndIncluding":"11.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"319","Ordinal":"115132","Title":"CVE-2018-0319","CVE":"CVE-2018-0319","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"319","Ordinal":"1","NoteData":"A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"319","Ordinal":"2","NoteData":"2018-06-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"319","Ordinal":"3","NoteData":"2018-06-13","Type":"Other","Title":"Modified"}]}}}