1. CVE-Search
  2. CVE-2017-6622
ID CVE-2017-6622
Summary A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 98520
confirm https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1
exploit-db 42888
sectrack 1038507
saint via4
bid 98520
description Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
id net_cisco_primecollaboration
title cisco_prime_cp_scriptmgr_head
type remote
Last major update 03-10-2019 - 00:03
Published 18-05-2017 - 19:29
Last modified 03-10-2019 - 00:03
Back to Top