Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

cisco-sa-20170517-pcp2 · High · Published · Updated

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6621
Cisco Bug IDsCSCvc99626
CVSS ScoreBase 7.5
Base 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Collaboration Provisioning

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2017-6621 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2017-6621 Cisco OpenVuln
Cisco Prime Collaboration Provisioning CVE-2017-6621 Cisco OpenVuln
Cisco Prime Collaboration CVE-2017-6621 Cisco OpenVuln