Lucene search

CiscoCVE-2017-6759

HistoryAug 07, 2017 - 6:29 a.m.

CVE-2017-6759

2017-08-0706:29:00

CWE-20

cisco

web.nvd.nist.gov

vulnerability

cisco

prime collaboration provisioning tool

12.1

remote attacker

authenticated

arbitrary files

root

insufficient input validation

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

Affected configurations

Nvd

Node

ciscoprime_collaboration_provisioningMatch12.1

VendorProductVersionCPE
ciscoprime_collaboration_provisioning12.1cpe:2.3:a:cisco:prime_collaboration_provisioning:12.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_provisioning	12.1	cpe:2.3:a:cisco:prime_collaboration_provisioning:12.1:::::::*

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning Tool",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration Provisioning Tool"
      }
    ]
  }
]

References

www.securitytracker.com/id/1039062

quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

Related for CVE-2017-6759