Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability

cisco-sa-20170802-pcpt1 · Medium · Published · Updated

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user’s browser to perform any action authorized for that user. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6756
Cisco Bug IDsCSCvc90280
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Collaboration Provisioning

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Prime Collaboration Provisioning known_affected cisco_csaf CVE-2017-6756 1

Related Products

Product CVE Evidence
Cisco Prime Collaboration CVE-2017-6756 Cisco OpenVuln
Cisco Prime Collaboration Provisioning CVE-2017-6756 Cisco OpenVuln