Lucene search
RgodZDI-17-447HistoryJun 26, 2017 - 12:00 a.m.
Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability
2017-06-2600:00:00
rgod
www.zerodayinitiative.com
11
0.53 Medium
EPSS
Percentile
97.6%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logconfigtracer.jsp page, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose any files accessible to the root user.
Related
nvd
nvd
CVE-2017-6621
2017-05-18 19:29:00
openvas
openvas
prion
prion
Design/Logic Flaw
2017-05-18 19:29:00
cisco
cisco
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
2017-05-17 16:00:00
cve
cve
CVE-2017-6621
2017-05-18 19:29:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2017-6621
2017-05-18 19:00:00
nessus
nessus