Lucene search

[email protected]NVD:CVE-2017-6622

HistoryMay 18, 2017 - 7:29 p.m.

CVE-2017-6622

2017-05-1819:29:00

CWE-862

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.806

Percentile

98.4%

JSON

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

Affected configurations

Nvd

Node

ciscoprime_collaboration_provisioningMatch9.0.0

ciscoprime_collaboration_provisioningMatch9.5.0

ciscoprime_collaboration_provisioningMatch10.0.0

ciscoprime_collaboration_provisioningMatch10.5.0

ciscoprime_collaboration_provisioningMatch10.5.1

ciscoprime_collaboration_provisioningMatch10.6.0

ciscoprime_collaboration_provisioningMatch10.6.2

ciscoprime_collaboration_provisioningMatch11.0.0

ciscoprime_collaboration_provisioningMatch11.1.0

ciscoprime_collaboration_provisioningMatch11.5.0

VendorProductVersionCPE
ciscoprime_collaboration_provisioning9.0.0cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning9.5.0cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning10.0.0cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning10.5.0cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning10.5.1cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning10.6.0cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning10.6.2cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning11.0.0cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning11.1.0cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
ciscoprime_collaboration_provisioning11.5.0cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_provisioning	9.0.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:::::::*
cisco	prime_collaboration_provisioning	9.5.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:::::::*
cisco	prime_collaboration_provisioning	10.0.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:::::::*
cisco	prime_collaboration_provisioning	10.5.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:::::::*
cisco	prime_collaboration_provisioning	10.5.1	cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:::::::*
cisco	prime_collaboration_provisioning	10.6.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:::::::*
cisco	prime_collaboration_provisioning	10.6.2	cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:::::::*
cisco	prime_collaboration_provisioning	11.0.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:::::::*
cisco	prime_collaboration_provisioning	11.1.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:::::::*
cisco	prime_collaboration_provisioning	11.5.0	cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:::::::*