CVE-2017-6759

6.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Tool
Vendor
CVE Published:
7 August 2017

Summary

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

Affected Version(s)

Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039062
vdb-entryx_refsource_SECTRACK
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.