|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-12276
|CWE ID|| CWE-89
|Public exploit||Not available|
Cisco Prime Collaboration Provisioning
|Vulnerable software versions||
Cisco Prime Collaboration Provisioning 11.5(0)
Cisco Prime Collaboration Provisioning 12.1
Cisco Prime Collaboration Provisioning 11.0(0.621)
|Vendor URL||Cisco Systems, Inc|
The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands in web application database.
The vulnerability exists in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application due to insufficient sanitization of user-supplied data. A remote attacker can supply a specially crafted parameter value to execute SQL commands on the underlying database.
Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.Remediation
Install update from vendor's website.