CVE-2018-0391

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning versions 12.2 and prior

Description A vulnerability in the password change function could allow an authenticated, remote attacker to cause the system to become inoperable due to insufficient validation of a password change request. An attacker could exploit this by changing a specific administrator account password, resulting in a denial of service (DoS) condition.

Recommendations For Cisco Prime Collaboration Provisioning versions 12.2 and prior, consider restricting access to the password change function until a fix is available. As a temporary workaround, avoid changing administrator account passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.