Cisco released security updates that address a total of six vulnerabilities in the Cisco Prime Collaboration Provisioning (PCP) application.
The most dangerous problem is CVE-2018-0321, which allows an unauthorized attacker to gain access to the Java Remote Method Invocation (RMI) system and perform actions affecting the PCP and connected devices. Among other things, vulnerabilities have been fixed that provide the ability to reinstall passwords and gain administrative privileges on vulnerable systems, execute arbitrary SQL queries, and increase the rights on the system.
The manufacturer has eliminated the aforementioned problems with the release of the Cisco Prime Collaboration Provisioning version 12.3.
The company also corrected a critical vulnerability (CVE-2018-0315) in the IOS XE software, which allows an unauthorized attacker to remotely execute the code or cause the device to reboot, which will lead to a malfunction in its operation.
Cisco Prime Collaboration Provisioning provides a unified interface for managing subscribers and communication services, as well as quick setup of the equipment and integration with the data network.