CVE-2017-6621
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.8%
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | prime_collaboration_provisioning | 9.0.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 9.5.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 10.0.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 10.5.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 10.5.1 | cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 10.6.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 10.6.2 | cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 11.0.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 11.1.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:* |
| cisco | prime_collaboration_provisioning | 11.5.0 | cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.8%