Details of VAR-201705-3658

ID

VAR-201705-3658

CVE

CVE-2017-6636

TITLE

Cisco Prime Collaboration Provisioning Software Web Path traversal vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2017-004239

DESCRIPTION

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. Vendors have confirmed this vulnerability Bug ID CSCvc99604 It is released as.Information may be obtained. Authentication is not required to exploit this vulnerability.The specific flaw exists within the service that listens on TCP port 443 by default. Access to the /logs/cupm directory is unrestricted. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Information harvested may aid in launching further attacks. The software is IP Telephony, Voicemail, and Unified Communications environments provide IP Communication service function

Trust: 2.7

sources: NVD: CVE-2017-6636 // JVNDB: JVNDB-2017-004239 // ZDI: ZDI-17-449 // BID: 98526 // VULHUB: VHN-114839 // VULMON: CVE-2017-6636

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	9.0.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	9.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.0.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	lt	version:	11.1	Trust: 0.8
vendor:	cisco	model:	prime collaboration provisioning	scope:	-	version:	-	Trust: 0.7
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	11.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.6	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	ne	version:	11.1	Trust: 0.3

sources: ZDI: ZDI-17-449 // BID: 98526 // JVNDB: JVNDB-2017-004239 // CNNVD: CNNVD-201705-909 // NVD: CVE-2017-6636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6636
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6636
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2017-6636
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201705-909
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114839
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6636
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6636
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2017-6636
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-114839
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6636
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-17-449 // VULHUB: VHN-114839 // VULMON: CVE-2017-6636 // JVNDB: JVNDB-2017-004239 // CNNVD: CNNVD-201705-909 // NVD: CVE-2017-6636

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-114839 // JVNDB: JVNDB-2017-004239 // NVD: CVE-2017-6636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-909

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201705-909

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004239

PATCH

title:	cisco-sa-20170517-pcp4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4	Trust: 1.5
title:	Cisco Prime Collaboration Provisioning Software Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70403	Trust: 0.6
title:	Cisco: Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170517-pcp4	Trust: 0.1

sources: ZDI: ZDI-17-449 // VULMON: CVE-2017-6636 // JVNDB: JVNDB-2017-004239 // CNNVD: CNNVD-201705-909

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6636	Trust: 3.6
db:	BID	id:	98526	Trust: 1.5
db:	SECTRACK	id:	1038515	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-004239	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4344	Trust: 0.7
db:	ZDI	id:	ZDI-17-449	Trust: 0.7
db:	CNNVD	id:	CNNVD-201705-909	Trust: 0.7
db:	NSFOCUS	id:	36732	Trust: 0.6
db:	VULHUB	id:	VHN-114839	Trust: 0.1
db:	VULMON	id:	CVE-2017-6636	Trust: 0.1

sources: ZDI: ZDI-17-449 // VULHUB: VHN-114839 // VULMON: CVE-2017-6636 // BID: 98526 // JVNDB: JVNDB-2017-004239 // CNNVD: CNNVD-201705-909 // NVD: CVE-2017-6636

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-pcp4	Trust: 2.9
url:	http://www.securityfocus.com/bid/98526	Trust: 1.3
url:	http://www.securitytracker.com/id/1038515	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6636	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6636	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36732	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-17-449 // VULHUB: VHN-114839 // VULMON: CVE-2017-6636 // BID: 98526 // JVNDB: JVNDB-2017-004239 // CNNVD: CNNVD-201705-909 // NVD: CVE-2017-6636

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-17-449

SOURCES

db:	ZDI	id:	ZDI-17-449
db:	VULHUB	id:	VHN-114839
db:	VULMON	id:	CVE-2017-6636
db:	BID	id:	98526
db:	JVNDB	id:	JVNDB-2017-004239
db:	CNNVD	id:	CNNVD-201705-909
db:	NVD	id:	CVE-2017-6636

LAST UPDATE DATE

2024-11-23T22:52:30.346000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-449	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-114839	date:	2017-07-08T00:00:00
db:	VULMON	id:	CVE-2017-6636	date:	2017-07-08T00:00:00
db:	BID	id:	98526	date:	2017-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-004239	date:	2017-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201705-909	date:	2017-05-22T00:00:00
db:	NVD	id:	CVE-2017-6636	date:	2024-11-21T03:30:11.163

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-17-449	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-114839	date:	2017-05-22T00:00:00
db:	VULMON	id:	CVE-2017-6636	date:	2017-05-22T00:00:00
db:	BID	id:	98526	date:	2017-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-004239	date:	2017-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201705-909	date:	2017-05-22T00:00:00
db:	NVD	id:	CVE-2017-6636	date:	2017-05-22T01:29:00.400