CVE-2018-0322
CVE-2018-0322 is a high-severity vulnerability in Cisco Prime Collaboration with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-862.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 6.5
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-862
- Affected product: Cisco Prime Collaboration
- Published:
- Last modified:
Description
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.
Frequently asked questions
- What is CVE-2018-0322?
- A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users. This failure could allow an authenticated attacker to modify critical attributes of higher-privileged accounts on the device. A successful exploit could allow the attacker to gain elevated privileges on the device. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61779.
- How severe is CVE-2018-0322?
- CVE-2018-0322 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2018-0322 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-0322?
- CVE-2018-0322 primarily affects Cisco Prime Collaboration. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-0322?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2018-0322 published?
- CVE-2018-0322 was published on 2018-06-07 and last updated on 2026-06-17.
References
- http://www.securityfocus.com/bid/104443
- http://www.securitytracker.com/id/1041064
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access
Affected products (2)
- cpe:2.3:a:cisco:prime_collaboration:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_collaboration_provisioning:*:*:*:*:*:*:*:*
More vulnerabilities in Cisco Prime Collaboration
- CVE-2018-15389 — Critical (CVSS 9.8): A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated,…
- CVE-2018-0321 — Critical (CVSS 9.8): A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to…
- CVE-2018-0320 — Critical (CVSS 9.8): A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an…
- CVE-2018-0319 — Critical (CVSS 9.8): A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an…
- CVE-2018-0318 — Critical (CVSS 9.8): A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an…
- CVE-2018-0336 — High (CVSS 8.8): A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an…
All CVEs affecting Cisco Prime Collaboration →
Other CWE-862 (Missing Authorization) vulnerabilities
- CVE-2026-0092 — Critical (CVSS 10.0): In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could…
- CVE-2026-33712 — Critical (CVSS 10.0): Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST…
- CVE-2026-2031 — Critical (CVSS 10.0): An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration…
- CVE-2026-34976 — Critical (CVSS 10.0): Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing…
- CVE-2025-30416 — Critical (CVSS 10.0): Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis…
- CVE-2025-45854 — Critical (CVSS 10.0): /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
Browse all CWE-862 (Missing Authorization) vulnerabilities →