1st Aug 2018 – Cisco Secuirty Advisory CVE-2018-0391

Cisco Prime Collaboration Provisioning provides a scalable web-based solution to manage your company’s next-generation communication services. CiscoPrimeCollaboration Provisioning manages IPcommunication endpoints and services in an integrated IP telephony, video, voicemail and unified messaging environment
that includes Cisco Unified Communications Manager, Cisco Unified Communications  Manager Express, Cisco Unity Express, Cisco Unity Connection systems and analog gateways.

But the technical issue on authentication especially password looks can’t been resolved yet! I am not going to move the focus to conspiracy topic somethings like backdoor rumours. From technical point of view, the architecture relies on https. Refer to attached diagram, whether any similar architecture there and trigger traditional service ID issue. Since the traditional service ID on web will be store in someplace and it is hardcode.
Offical announcement shown below URL:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.