CVE-2017-6703

Опубликовано: 04 июл. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4

EPSS Низкий

Описание

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1.

Ссылки

http://www.securityfocus.com/bid/99224
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038744
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1
Vendor Advisory
http://www.securityfocus.com/bid/99224
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038744
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:prime_collaboration_provisioning:11.2_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:prime_collaboration_provisioning:11.6_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:prime_collaboration_provisioning:12.1_base:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00977

Низкий

5.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-vvf3-5gqj-wp29