Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability

2017-05-1716:00:00

tools.cisco.com

EPSS

0.806

Percentile

98.4%

JSON

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges.

The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to bypass authentication and perform command injection in Cisco Prime Collaboration Provisioning with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1”]

Affected configurations

Vulners

Node

ciscoprime_collaboration_provisioningMatchany

VendorProductVersionCPE
ciscoprime_collaboration_provisioninganycpe:2.3:a:cisco:prime_collaboration_provisioning:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_provisioning	any	cpe:2.3:a:cisco:prime_collaboration_provisioning:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1

EPSS

0.806

Percentile

98.4%

JSON

Related for CISCO-SA-20170517-PCP1