Lucene search

CiscoCVE-2017-6792

HistorySep 07, 2017 - 9:29 p.m.

CVE-2017-6792

2017-09-0721:29:00

CWE-20

cisco

web.nvd.nist.gov

cisco

prime

collaboration

provisioning

tool

vulnerability

batch

input validation

cscvd61766

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.

Affected configurations

Nvd

Node

ciscoprime_collaboration_provisioningMatch-

VendorProductVersionCPE
ciscoprime_collaboration_provisioning-cpe:2.3:a:cisco:prime_collaboration_provisioning:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_provisioning	-	cpe:2.3:a:cisco:prime_collaboration_provisioning:-:::::::*

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning Tool",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration Provisioning Tool"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100666

www.securitytracker.com/id/1039279

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

Related for CVE-2017-6792