Sign-up

ID

VAR-201707-0914


CVE

CVE-2017-6704


TITLE

Cisco Prime Collaboration Provisioning Tool Web Vulnerability to download arbitrary files in application

Trust: 0.8

sources: JVNDB: JVNDB-2017-005302

DESCRIPTION

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug ID CSCvc90335. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2017-6704 // JVNDB: JVNDB-2017-005302 // BID: 99223 // VULHUB: VHN-114907

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:12.1

Trust: 2.7

sources: BID: 99223 // JVNDB: JVNDB-2017-005302 // CNNVD: CNNVD-201706-1000 // NVD: CVE-2017-6704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6704
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6704
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-1000
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114907
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6704
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114907
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6704
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114907 // JVNDB: JVNDB-2017-005302 // CNNVD: CNNVD-201706-1000 // NVD: CVE-2017-6704

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-114907 // JVNDB: JVNDB-2017-005302 // NVD: CVE-2017-6704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1000

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201706-1000

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005302

PATCH
title:cisco-sa-20170621-pcp2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2
Trust: 0.8
title:Cisco Prime Collaboration Provisioning tool Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71189
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-005302 // 
            
            
            
            CNNVD: CNNVD-201706-1000

EXTERNAL IDS
db:NVDid:CVE-2017-6704
Trust: 2.8
db:BIDid:99223
Trust: 2.0
db:SECTRACKid:1038744
Trust: 1.1
db:JVNDBid:JVNDB-2017-005302
Trust: 0.8
db:CNNVDid:CNNVD-201706-1000
Trust: 0.7
db:NSFOCUSid:36960
Trust: 0.6
db:VULHUBid:VHN-114907
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114907 // 
            
            
            
            BID: 99223 // 
            
            
            
            JVNDB: JVNDB-2017-005302 // 
            
            
            
            CNNVD: CNNVD-201706-1000 // 
            
            
            
            NVD: CVE-2017-6704

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-pcp2
Trust: 2.0
url:http://www.securityfocus.com/bid/99223
Trust: 1.7
url:http://www.securitytracker.com/id/1038744
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6704
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6704
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36960
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps12363/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114907 // 
            
            
            
            BID: 99223 // 
            
            
            
            JVNDB: JVNDB-2017-005302 // 
            
            
            
            CNNVD: CNNVD-201706-1000 // 
            
            
            
            NVD: CVE-2017-6704

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 99223 // 
            
            
            
            CNNVD: CNNVD-201706-1000

SOURCES
db:VULHUBid:VHN-114907
db:BIDid:99223
db:JVNDBid:JVNDB-2017-005302
db:CNNVDid:CNNVD-201706-1000
db:NVDid:CVE-2017-6704

LAST UPDATE DATE
2024-11-23T22:07:18.954000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114907date:2017-07-07T00:00:00
db:BIDid:99223date:2017-06-21T00:00:00
db:JVNDBid:JVNDB-2017-005302date:2017-07-26T00:00:00
db:CNNVDid:CNNVD-201706-1000date:2017-07-04T00:00:00
db:NVDid:CVE-2017-6704date:2024-11-21T03:30:20.583

SOURCES RELEASE DATE
db:VULHUBid:VHN-114907date:2017-07-04T00:00:00
db:BIDid:99223date:2017-06-21T00:00:00
db:JVNDBid:JVNDB-2017-005302date:2017-07-26T00:00:00
db:CNNVDid:CNNVD-201706-1000date:2017-06-23T00:00:00
db:NVDid:CVE-2017-6704date:2017-07-04T00:29:00.430