Lucene search
CiscoCVELIST:CVE-2017-6622HistoryMay 18, 2017 - 7:00 p.m.
CVE-2017-6622
2017-05-1819:00:00
CWE-264
cisco
www.cve.org
4
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
CNA Affected
[
{
"product": "Cisco Prime Collaboration Provisioning",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Prime Collaboration Provisioning"
}
]
}
]Related
packetstorm
packetstorm
saint
saint
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-25 00:00:00
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-25 00:00:00
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-25 00:00:00
cisco
cisco
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
2017-05-17 16:00:00
zdi
zdi
exploitdb
exploitdb
cve
cve
CVE-2017-6622
2017-05-18 19:29:00
checkpoint_advisories
checkpoint_advisories
zdt
zdt
nvd
nvd
CVE-2017-6622
2017-05-18 19:29:00
prion
prion
Command injection
2017-05-18 19:29:00
nessus
nessus
openvas
openvas
Cisco Prime Provisioning Multiple Vulnerabilities (May 2017)
2017-05-23 00:00:00