Arbitrary File Write Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2017-6759
6.5MEDIUM
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 7 August 2017
Summary
A vulnerability exists in the UpgradeManager component of Cisco Prime Collaboration Provisioning Tool 12.1 that allows an authenticated remote attacker to exploit insufficient input validation, enabling them to write arbitrary files with root privileges on the affected system. This can be achieved by initiating the functionality related to upgrade package installations, potentially compromising the system’s integrity. Reference to Cisco Bug IDs CSCvc90304 provides further insights into the technical specifics of the vulnerability.
Affected Version(s)
Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved