Vulnerability Description
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Collaboration Provisioning | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100666Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039279Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/100666Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039279Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-6792?
CVE-2017-6792 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is d...
How severe is CVE-2017-6792?
CVE-2017-6792 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6792?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Collaboration Provisioning.