Cisco Prime Collaboration Provisioning硬编码凭证本地安全限制绕过漏洞
受影响系统:
Cisco Prime Collaboration Provisioning 11.6
描述:
BUGTRAQ ID: 103329
CVE(CAN) ID: CVE-2018-0141
Cisco Prime Collaboration是综合性视频及声音服务保障及管理系统。
Cisco Prime Collaboration Provisioning (PCP) Software由于存在硬编码帐户密码,在实现上存在安全漏洞,可使未经身份验证的本地攻击者登录到下层Linux操作系统。
<*来源:Cisco
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp
*>
建议:
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20180307-cpcp)以及相应补丁:
cisco-sa-20180307-cpcp:Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp