Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6622

Severity
9.8 CRITICAL
EPSS
31.0%
top 3.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: May 18
Latest update: May 13

Description

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime C

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_prime_collaboration_provisioning | Cisco Prime Collaboration Provisioning

🔴 Vulnerability Details

2
GHSA
GHSA-9vgq-7248-h4mj: A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authenticati (2022-05-13)
CVEList
CVE-2017-6622: A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authenticati (2017-05-18)

💥 Exploits & PoCs

1
Exploit-DB
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution (2017-09-27)

📋 Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability (2017-05-17)