Lucene search
CiscoCISCO-SA-20170906-PCPTHistorySep 06, 2017 - 4:00 p.m.
Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
2017-09-0616:00:00
tools.cisco.com
10
0.001 Low
EPSS
Percentile
41.3%
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.
The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt”]
Affected configurations
Node
ciscoprime_collaboration_provisioningMatchany
ORciscoprime_collaboration_provisioningMatchany
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco prime collaboration provisioning | eq | any | |
| cisco prime collaboration provisioning | eq | any |
Related
prion
prion
Input validation
2017-09-07 21:29:00
cve
cve
CVE-2017-6792
2017-09-07 21:29:00
cvelist
cvelist
CVE-2017-6792
2017-09-07 21:00:00
nvd
nvd
CVE-2017-6792
2017-09-07 21:29:00