Vulnerability Description
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration Provisioning | 12.1 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1039062Third Party AdvisoryVDB Entry
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securitytracker.com/id/1039062Third Party AdvisoryVDB Entry
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-6759?
CVE-2017-6759 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerab...
How severe is CVE-2017-6759?
CVE-2017-6759 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6759?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration Provisioning.