PT-2017-17258 · Cisco · Cisco Prime Collaboration Provisioning

Published

2017-07-04

Updated

2017-07-07

CVE-2017-6704

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning tool version 12.1

Description A vulnerability in the web application could allow an authenticated, remote attacker to perform arbitrary file downloads, potentially allowing the attacker to read files from the underlying filesystem.

Recommendations For version 12.1, update to a version that fixes the issue, as the current version allows arbitrary file downloads that could compromise the system's security.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-6704

Affected Products

Cisco Prime Collaboration Provisioning

PT-2017-17258 · Cisco · Cisco Prime Collaboration Provisioning

CVE-2017-6704

Weakness Enumeration

Related Identifiers

Affected Products

References · 5