CVE-2017-6621

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning versions 10.6 through 11.5

Description A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. This is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to access specific system files, potentially obtaining sensitive information about the application, including user credentials.

Recommendations For versions 10.6 through 11.5, update to a version that includes the fix for the issue, as specified in Cisco Bug IDs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.