CVE-2017-6635

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning Software versions prior to 12.1

Description The issue arises from the software's failure to properly validate HTTP request inputs and apply role-based access controls (RBACs) to requested HTTP URLs. This allows an authenticated, remote attacker to delete any file from an affected system by sending a crafted HTTP request that utilizes directory traversal techniques to specify a file location. A successful exploit could result in the deletion of any file from the system.

Recommendations For versions prior to 12.1, update to Release 12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Additionally, limiting the privileges of authenticated users could help reduce the potential impact of this issue.