CVE-2018-0322

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning (PCP) versions 12.1 and prior

Description A vulnerability in the web management interface could allow an authenticated, remote attacker to modify sensitive data associated with arbitrary accounts on an affected device. This is due to a failure to enforce access restrictions on certain roles assigned to authenticated users, potentially allowing an attacker to modify critical attributes of higher-privileged accounts and gain elevated privileges on the device.

Recommendations For Cisco Prime Collaboration Provisioning (PCP) versions 12.1 and prior, update to a version later than 12.1 to resolve the issue.