{"api_version":"1","generated_at":"2026-04-23T10:18:04+00:00","cve":"CVE-2018-0335","urls":{"html":"https://cve.report/CVE-2018-0335","api":"https://cve.report/api/cve/CVE-2018-0335.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-0335","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-0335"},"summary":{"title":"CVE-2018-0335","description":"A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2018-06-07 21:29:00","updated_at":"2019-10-09 23:31:00"},"problem_types":["CWE-532","CWE-522"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104473","name":"104473","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Prime Collaboration Provisioning CVE-2018-0335 Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1041069","name":"1041069","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco Prime Collaboration Provisioning Plaintext Password Logging Lets Local Users View Passwords - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id","name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-0335","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0335","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"335","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"prime_collaboration","cpe6":"12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"335","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"prime_collaboration","cpe6":"12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2018-0335","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco Prime Collaboration Provisioning unknown","version":{"version_data":[{"version_value":"Cisco Prime Collaboration Provisioning unknown"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200"}]}]},"references":{"reference_data":[{"name":"1041069","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041069"},{"name":"104473","refsource":"BID","url":"http://www.securityfocus.com/bid/104473"},{"name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id","refsource":"CONFIRM","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id"}]}},"nvd":{"publishedDate":"2018-06-07 21:29:00","lastModifiedDate":"2019-10-09 23:31:00","problem_types":["CWE-532","CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:prime_collaboration:12.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"335","Ordinal":"115148","Title":"CVE-2018-0335","CVE":"CVE-2018-0335","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"335","Ordinal":"1","NoteData":"A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"335","Ordinal":"2","NoteData":"2018-06-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"335","Ordinal":"3","NoteData":"2018-06-16","Type":"Other","Title":"Modified"}]}}}