Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-6622

Опубликовано: 18 мая 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Высокий

Описание

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.77352
Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-264
CWE-862

Связанные уязвимости

github логотип

GHSA-9vgq-7248-h4mj

CVSS3: 9.8
github
больше 3 лет назад

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

fstec логотип

BDU:2017-02232

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость веб-интерфейса программного средства управления контентом в сети Prime Collaboration Provisioning, позволяющая нарушителю обойти процедуру аутентификации и выполнить произвольную команду

EPSS

Процентиль: 99%
0.77352
Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-264
CWE-862