CVE-2017-6759

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2017-6759
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:C/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt Vendor Advisory
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304 Vendor Advisory
http://www.securitytracker.com/id/1039062 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:prime_collaboration_provisioning:12.1:*:*:*:*:*:*:*
Information

Published : 2017-08-06 23:29

Updated : 2019-10-09 16:29

NVD link : CVE-2017-6759

Mitre link : CVE-2017-6759

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

cisco

  • prime_collaboration_provisioning