PT-2017-17298 · Cisco · Cisco Prime Collaboration Provisioning Tool

Publicado

2017-08-07

Atualizado

2019-10-09

CVE-2017-6759

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning Tool version 12.1

Description A vulnerability in the UpgradeManager could allow an authenticated, remote attacker to write arbitrary files as root on the system due to insufficient input validation. An attacker could exploit this by triggering the upgrade package installation functionality.

Recommendations For Cisco Prime Collaboration Provisioning Tool version 12.1, update the software to a version that includes the fix for the issue, as the current version allows attackers to write arbitrary files as root due to insufficient input validation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-6759

Produtos afetados

Cisco Prime Collaboration Provisioning Tool

PT-2017-17298 · Cisco · Cisco Prime Collaboration Provisioning Tool

CVE-2017-6759

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5