CVE-2018-0318

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning (PCP) versions 11.6 and prior

Description A vulnerability in the password reset function could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The issue is due to insufficient validation of a password reset request, allowing an attacker to submit a request and change the password for any user, potentially gaining administrative-level privileges.

Recommendations For Cisco Prime Collaboration Provisioning (PCP) versions 11.6 and prior, update to a version later than 11.6 to resolve the issue. As a temporary workaround, consider restricting access to the password reset function until a patch is available.