CVE-2018-0141

Name of the Vulnerable Software and Affected Versions: Cisco Prime Collaboration Provisioning (PCP) Software version 11.6

Description: A vulnerability exists due to a hard-coded account password, allowing an unauthenticated, local attacker to log in to the underlying Linux operating system. The attacker could exploit this by connecting via Secure Shell (SSH) using the hard-coded credentials, gaining access as a low-privileged user. The attacker could then elevate to root privileges, taking full control of the device.

Recommendations: For Cisco Prime Collaboration Provisioning (PCP) Software version 11.6, update the system to remove the hard-coded account password and ensure all default passwords are changed to prevent unauthorized access. As a temporary workaround, consider disabling SSH access to the affected system until a patch is available. Restrict access to the underlying Linux operating system to minimize the risk of exploitation.