1. CVE-Search
  2. CVE-2017-6635
ID CVE-2017-6635
Summary A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:C/A:N
refmap via4
bid 98535
confirm https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3
sectrack 1038514
Last major update 03-10-2019 - 00:03
Published 22-05-2017 - 01:29
Last modified 03-10-2019 - 00:03
Back to Top