PT-2017-17298 · Cisco · Cisco Prime Collaboration Provisioning Tool

Published

2017-08-07

Updated

2019-10-09

CVE-2017-6759

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning Tool version 12.1

Description A vulnerability in the UpgradeManager could allow an authenticated, remote attacker to write arbitrary files as root on the system due to insufficient input validation. An attacker could exploit this by triggering the upgrade package installation functionality.

Recommendations For Cisco Prime Collaboration Provisioning Tool version 12.1, update the software to a version that includes the fix for the issue, as the current version allows attackers to write arbitrary files as root due to insufficient input validation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-6759

Affected Products

Cisco Prime Collaboration Provisioning Tool

PT-2017-17298 · Cisco · Cisco Prime Collaboration Provisioning Tool

CVE-2017-6759

Weakness Enumeration

Related Identifiers

Affected Products

References · 5