History: May 22, 2017 - 1:29 a.m.

CVE-2017-6635

2017-05-22 01:29:00
CWE-264, CWE-862
cisco
web.nvd.nist.gov
Tags: cisco, prime collaboration, provisioning software, vulnerability, authenticated, remote attacker, file deletion, http request, directory traversal, cisco bug ids, cscvc99597

CVSS2

Score: 6.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

Score: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.5
Confidence: High

EPSS: 0.1
Percentile: 95.0%

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.

Affected configurations

Nvd
Node: cisco prime_collaboration_provisioning, Match any of (OR): 9.0.0, 9.5.0, 10.0.0, 10.5.0, 10.5.1, 10.6.0, 10.6.2, 11.0.0, 11.1.0, 11.5.0

Vendor  Product                           Version  CPE
cisco   prime_collaboration_provisioning  9.0.0    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  9.5.0    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  10.0.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  10.5.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  10.5.1   cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  10.6.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  10.6.2   cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  11.0.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  11.1.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
cisco   prime_collaboration_provisioning  11.5.0   cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration Provisioning"
      }
    ]
  }
]
