Main Vulnerability Database Vulnerabilities #VU8145

Improper input validation in Cisco Prime Collaboration Provisioning - CVE-2017-6792

Published: September 7, 2017

Vulnerability identifier: #VU8145

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6792

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Prime Collaboration Provisioning

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the system.

The weakness exists in the batch provisioning feature due to lack of input validation of the parameters in BatchFileName and Directory. A remote attacker can manipulate the parameters of the batch action file function and overwrite system files as root.

How to mitigate CVE-2017-6792

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt

Improper input validation in Cisco Prime Collaboration Provisioning - CVE-2017-6792

Detailed vulnerability description

How to mitigate CVE-2017-6792

Sources

Please verify you're human