Lucene search
SAINT CorporationSAINT:8F7397572138751FA19387625FC20E9DHistoryOct 25, 2017 - 12:00 a.m.
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-2500:00:00
SAINT Corporation
download.saintcorporation.com
534
EPSS
0.806
Percentile
98.4%
Added: 10/25/2017
CVE: CVE-2017-6622
BID: 98520
Background
The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services.
Problem
Missing security constraints allow remote attackers to inject arbitrary Java code by sending a specially crafted HEAD request for the **ScriptMgr** servlet.
Resolution
Upgrade to Cisco Prime Collaboration Provisioning 12.1 or higher.
References
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1>
Limitations
The netcat utility must exist on the target in order for the exploit to succeed.
Platforms
Linux
Related
cvelist
cvelist
CVE-2017-6622
2017-05-18 19:00:00
zdi
zdi
exploitdb
exploitdb
cve
cve
CVE-2017-6622
2017-05-18 19:29:00
packetstorm
packetstorm
saint
saint
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-25 00:00:00
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
2017-10-25 00:00:00
cisco
cisco
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
2017-05-17 16:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Command injection
2017-05-18 19:29:00
nessus
nessus
zdt
zdt
nvd
nvd
CVE-2017-6622
2017-05-18 19:29:00
openvas
openvas
Cisco Prime Provisioning Multiple Vulnerabilities (May 2017)
2017-05-23 00:00:00