CVE-2017-6637

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning Software versions prior to 11.1

Description The issue arises from improper input validation of HTTP requests and the lack of role-based access controls (RBACs) applied to requested HTTP URLs in the web interface. This allows an authenticated, remote attacker to delete any file from an affected system by sending a crafted HTTP request that utilizes directory traversal techniques to specify the path to a desired file location. A successful exploit could result in the deletion of any file from the system.

Recommendations For versions prior to 11.1, update to Release 11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Additionally, limiting the privileges of authenticated users could help reduce the potential impact of this issue until a patch is applied.