CVE-2017-6759

Опубликовано: 07 авг. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

Ссылки

http://www.securitytracker.com/id/1039062
Third Party Advisory
VDB Entry
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt
Vendor Advisory
http://www.securitytracker.com/id/1039062
Third Party Advisory
VDB Entry
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:prime_collaboration_provisioning:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.0027

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-jqg6-p87q-mgfq