Lucene search

[email protected]CVE-2017-6622

HistoryMay 18, 2017 - 7:29 p.m.

CVE-2017-6622

2017-05-1819:29:00

CWE-862

[email protected]

web.nvd.nist.gov

cisco

prime

collaboration

provisioning

vulnerability

remote

command injection

cisco bug id

cscvc98724

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.762 High

EPSS

Percentile

98.2%

JSON

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

CPENameOperatorVersion
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq9.5.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq9.0.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.6.2
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.5.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.5.1
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.1.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.6.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.5.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq11.0.0
cisco:prime_collaboration_provisioningcisco prime collaboration provisioningeq10.0.0

CPE	Name	Operator	Version
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	9.5.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	9.0.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.6.2
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.5.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.5.1
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.1.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.6.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.5.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	11.0.0
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	eq	10.0.0