Lucene search

[email protected]CVE-2017-6621

HistoryMay 18, 2017 - 7:29 p.m.

CVE-2017-6621

2017-05-1819:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cisco

prime collaboration provisioning

vulnerability

remote access

sensitive data

http request

exploit

user credentials

system files

nvd

cve-2017-6621

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.53 Medium

EPSS

Percentile

97.6%

JSON

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.

Affected configurations

NVD

Node

ciscoprime_collaboration_provisioningMatch9.0.0

ciscoprime_collaboration_provisioningMatch9.5.0

ciscoprime_collaboration_provisioningMatch10.0.0

ciscoprime_collaboration_provisioningMatch10.5.0

ciscoprime_collaboration_provisioningMatch10.5.1

ciscoprime_collaboration_provisioningMatch10.6.0

ciscoprime_collaboration_provisioningMatch10.6.2

ciscoprime_collaboration_provisioningMatch11.0.0

ciscoprime_collaboration_provisioningMatch11.1.0

ciscoprime_collaboration_provisioningMatch11.5.0

CPENameOperatorVersion
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq9.0.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq9.5.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.0.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.5.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.5.1
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.6.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.6.2
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.0.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.1.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.5.0

CPE	Name	Operator	Version
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	9.0.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	9.5.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.0.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.5.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.5.1
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.6.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.6.2
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.0.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.1.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.5.0

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Prime Collaboration"
      }
    ]
  }
]