Arbitrary File Write Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2017-6759
6.5MEDIUM
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 7 August 2017
What is CVE-2017-6759?
A vulnerability exists in the UpgradeManager component of Cisco Prime Collaboration Provisioning Tool 12.1 that allows an authenticated remote attacker to exploit insufficient input validation, enabling them to write arbitrary files with root privileges on the affected system. This can be achieved by initiating the functionality related to upgrade package installations, potentially compromising the system’s integrity. Reference to Cisco Bug IDs CSCvc90304 provides further insights into the technical specifics of the vulnerability.
Affected Version(s)
Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool