Executive Summary
Summary | |
---|---|
Title | Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170517-pcp2 | First vendor Publication | 2017-05-17 |
Vendor | Cisco | Last vendor Modification | 2017-05-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZHHQnZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmILA//bLbelAZUtwMwROj/ Gtzm1/TOhi3Pb1nMQeGYkb6pnNhNFA5BHQQEHd3N39rV9uAcFLAbD+/qVTEYxsNv TBmUZNkYwbNt6basDMdTnPAfIg4a9rqNsKoPmfNiwtHM3++WgmEnaPA+fre0rdr7 KrnQ5CemVGwy5Xyl4vXuqm5ImP3pt1ASFTTVSkOudjxz0GzsZ1a7BT92In7YkWVL vJe5ECVRItD4464Zymzw8GNVUj7ceUcOlBnzmGOq+BNt4bWn3zdqQTzzC1Sl0why pdd5ded0aVkg6hRMbNQMQJzxVQsySDNTJ/6kYpuv4MHgReHfktzY0n3tcGsEiGUW W8M5au1HMyX5N2XzY6OoV3AAEO75o4yyuF4Cv4KWCghTEj2CM+Q/nfa0cKDHDgak 6AkWMTo9a5a+fvFwGVm1wGJxQMPQ9nMVSROKVtXSKVatoAqaJiRtnVgjncNmql79 4uvpqXpLdKxhRxJMs46XMzVSV6vwa5+ivPvKX4SATd4l4shWwiacvNzzA1t64egB lkeVBqx5+f71tnz7zMrNO3Dl972pKVo1YATFLYMa/lZ5WC6PBWi/3+1WhPp3Ga0y 3C/363A/Zc1WEcl7Gwnmh5sfMuvhV85KEbwr4KpppZGEYaJG8cAG3FyCh8L2ItIS 8U7169O6Y/qYdC6Ml/mqHE7o9LY= =JUXS END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Cisco Prime Collaboration logconfigtracer directory traversal attempt RuleID : 44127 - Revision : 1 - Type : SERVER-WEBAPP |
2017-08-29 | Cisco Prime Collaboration logconfigtracer directory traversal attempt RuleID : 44126 - Revision : 1 - Type : SERVER-WEBAPP |
2017-08-29 | Cisco Prime Collaboration logconfigtracer directory traversal attempt RuleID : 44125 - Revision : 1 - Type : SERVER-WEBAPP |
2017-05-17 | Cisco Prime Collaboration potentially unauthorized log file access detected RuleID : 42924 - Revision : 1 - Type : POLICY-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-05-22 | Name : The remote network management server is affected by multiple vulnerabilities. File : cisco_prime_cp_sa-20170517-pcp1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-05-26 00:23:37 |
|
2017-05-23 13:23:43 |
|
2017-05-19 00:24:05 |
|
2017-05-17 21:20:55 |
|