You are here
Home > Preporuke > Ranjivost Cisco Prime Collaboration Provisioning proizvoda

Ranjivost Cisco Prime Collaboration Provisioning proizvoda

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170517-pcp1

Revision: 1.0

For Public Release: 2017 May 17 16:00 GMT

Last Updated: 2017 May 17 16:00 GMT

CVE ID(s): CVE-2017-6622

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges.

The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to bypass authentication and perform command injection in Cisco Prime Collaboration Provisioning with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZHHQlZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnIkhAArEo7Qfl/LCbeIhg1
8JyrThOaTF7BpE9jm/gPOSzMZ3NsR/KL1wqHd5bXDb85UybJnhK9Xoy2JiGOyii9
/bHjxNDw/daPwWgwtHW5GXrNCG8CSNuc6fdvfOYfdMbO2cQXU+inyZGiqyXGU7Hj
+NCKOpnpgsYB5C+wxiKZb77XAFzPAuFO7/mFOqTy1arVVkpCl8HPEc7lCjGWTyt4
qZpttVSiiTRXnF+pTwwM6JgDYcRR2eTPZtJUtpddRPdN6yPeYXFKyt/Esy6E87ZL
sXy1H729UF9AQRV5gpRmI94poSAXk1CXJzzP1xfyuKZkSziTbCGYFZ3jWsphq+do
NDzVaxUXtyKGWjTAn8029fVTD6bO8JRZK8gPkPmeum2YaBO3HaRlRgwU6ibjpBZh
b6YoRFQQtKeUNWW+XokB2v0fJy9yzTtN//HH6JR7l4tpxUBRjcGMkxqhspsjaOmu
tF6TVD4VIH3p53afJj6yT7AHD6vhUp56vxqdqRthLdjXgs1o4RVnBYzzs4o03KwE
+sNK1coMO5/+iSYaxAk8F5F246JsN7tr4H6dTLqR4nfBXTkzhX7AtwcVp5oaQqPC
LhWPpaH2nXoCY1K8RZepDbWovMrV2dEQkHWpn4x2B+SvFhUbpOJz2RNthfPa00j/
zpWuu5DQqfvJG5QkJKO5OsKuqdE=
=08iD
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorTomislav Protega
Cert idNCERT-REF-2017-05-0038-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost Cisco Policy Suite (CPS) softvera

Otkrivena je ranjivost u skriptnoj datoteci instaliranoj kao dio Cisco Policy Suite (CPS) distribucijskog softvera za CPS uređaj. Ranjivost je...

Close