Executive Summary
Summary | |
---|---|
Title | Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170517-pcp1 | First vendor Publication | 2017-05-17 |
Vendor | Cisco | Last vendor Modification | 2017-05-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to bypass authentication and perform command injection in Cisco Prime Collaboration Provisioning with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZHHQlZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnIkhAArEo7Qfl/LCbeIhg1 8JyrThOaTF7BpE9jm/gPOSzMZ3NsR/KL1wqHd5bXDb85UybJnhK9Xoy2JiGOyii9 /bHjxNDw/daPwWgwtHW5GXrNCG8CSNuc6fdvfOYfdMbO2cQXU+inyZGiqyXGU7Hj +NCKOpnpgsYB5C+wxiKZb77XAFzPAuFO7/mFOqTy1arVVkpCl8HPEc7lCjGWTyt4 qZpttVSiiTRXnF+pTwwM6JgDYcRR2eTPZtJUtpddRPdN6yPeYXFKyt/Esy6E87ZL sXy1H729UF9AQRV5gpRmI94poSAXk1CXJzzP1xfyuKZkSziTbCGYFZ3jWsphq+do NDzVaxUXtyKGWjTAn8029fVTD6bO8JRZK8gPkPmeum2YaBO3HaRlRgwU6ibjpBZh b6YoRFQQtKeUNWW+XokB2v0fJy9yzTtN//HH6JR7l4tpxUBRjcGMkxqhspsjaOmu tF6TVD4VIH3p53afJj6yT7AHD6vhUp56vxqdqRthLdjXgs1o4RVnBYzzs4o03KwE +sNK1coMO5/+iSYaxAk8F5F246JsN7tr4H6dTLqR4nfBXTkzhX7AtwcVp5oaQqPC LhWPpaH2nXoCY1K8RZepDbWovMrV2dEQkHWpn4x2B+SvFhUbpOJz2RNthfPa00j/ zpWuu5DQqfvJG5QkJKO5OsKuqdE= =08iD END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2017-05-17 | Cisco Prime Collaboration ScriptMgr authentication bypass attempt RuleID : 42923 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-13 | Name : The remote network management server is affected by a remote command executio... File : cisco_prime_cp_cve-2017-6622.nasl - Type : ACT_ATTACK |
2017-05-22 | Name : The remote network management server is affected by multiple vulnerabilities. File : cisco_prime_cp_sa-20170517-pcp1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-07-14 13:24:51 |
|
2017-05-25 21:25:13 |
|
2017-05-23 13:23:43 |
|
2017-05-19 00:24:05 |
|
2017-05-17 21:20:53 |
|