CVE-2017-6759

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 49.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Collaboration Provisioning

Timeline

PublishedAug 7

Latest updateMay 13

Description

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_prime_collaboration_provisioning_toolCisco Prime Collaboration Provisioning Tool

▶NVDcisco/prime_collaboration_provisioning12.1

🔴Vulnerability Details

GHSA

GHSA-jqg6-p87q-mgfq: A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12↗2022-05-13

▶

CVEList

CVE-2017-6759: A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12↗2017-08-07

▶

📋Vendor Advisories

Cisco

Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability↗2017-08-02

▶