CVE-2017-6792

Sažetak

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.

Reference

http://www.securityfocus.com/bid/100666
http://www.securitytracker.com/id/1039279
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt

CVSS

Base:	8.5
Impact:	9.2
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Zadnje važnije ažuriranje

09-10-2019 - 23:29

Objavljeno

07-09-2017 - 21:29