Cisco has issued an update that patches a vulnerability, rated high, in the password change function of Cisco Prime Collaboration Provisioning.
The issue, CVE-2018-0391, is due to insufficient validation of a password change request that would allow an attacker to exploit the vulnerability by changing a specific administrator account password that could lead to the affected device becoming inoperable, resulting in a denial of service condition, the company said.
This vulnerability affects Cisco Prime Collaboration Provisioning version 12.2 and prior and there are no workarounds for the issue.
