ID

VAR-201708-1346


CVE

CVE-2017-6756


TITLE

Cisco Prime Collaboration Provisioning Tool Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2017-006808

DESCRIPTION

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280. Vendors have confirmed this vulnerability and released it as Bug ID CSCvc90280. Information may be obtained or altered, and service operation may be disrupted (DoS). Exploiting this issue allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments.

Trust: 2.07

sources: NVD: CVE-2017-6756 // JVNDB: JVNDB-2017-006808 // BID: 100112 // VULHUB: VHN-114959 // VULMON: CVE-2017-6756

AFFECTED PRODUCTS

vendor: cisco // model: prime collaboration provisioning // scope: eq // version: 12.2

Trust: 1.6

vendor: cisco // model: prime collaboration provisioning // scope: lte // version: 12.2

Trust: 0.8

vendor: cisco // model: prime collaboration provisioning tool // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: prime collaboration // scope: eq // version: 12.1

Trust: 0.3

sources: BID: 100112 // JVNDB: JVNDB-2017-006808 // CNNVD: CNNVD-201708-131 // NVD: CVE-2017-6756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6756
value: HIGH

Trust: 1.0

NVD: CVE-2017-6756
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-131
value: HIGH

Trust: 0.6

VULHUB: VHN-114959
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-6756
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6756
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114959
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6756
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114959 // VULMON: CVE-2017-6756 // JVNDB: JVNDB-2017-006808 // CNNVD: CNNVD-201708-131 // NVD: CVE-2017-6756

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-114959 // JVNDB: JVNDB-2017-006808 // NVD: CVE-2017-6756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-131

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201708-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006808

PATCH

title: cisco-sa-20170802-pcpt1 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1

Trust: 0.8

title: Cisco Prime Collaboration Provisioning tool Fixes for cross-site request forgery vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72373

Trust: 0.6

title: Cisco: Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170802-pcpt1

Trust: 0.1

sources: VULMON: CVE-2017-6756 // JVNDB: JVNDB-2017-006808 // CNNVD: CNNVD-201708-131

EXTERNAL IDS

db: NVD // id: CVE-2017-6756

Trust: 2.9

db: BID // id: 100112

Trust: 2.1

db: SECTRACK // id: 1039061

Trust: 1.8

db: JVNDB // id: JVNDB-2017-006808

Trust: 0.8

db: CNNVD // id: CNNVD-201708-131

Trust: 0.7

db: VULHUB // id: VHN-114959

Trust: 0.1

db: VULMON // id: CVE-2017-6756

Trust: 0.1

sources: VULHUB: VHN-114959 // VULMON: CVE-2017-6756 // BID: 100112 // JVNDB: JVNDB-2017-006808 // CNNVD: CNNVD-201708-131 // NVD: CVE-2017-6756

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-pcpt1

Trust: 2.2

url:http://www.securityfocus.com/bid/100112

Trust: 1.9

url:http://www.securitytracker.com/id/1039061

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6756

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6756

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-114959 // VULMON: CVE-2017-6756 // BID: 100112 // JVNDB: JVNDB-2017-006808 // CNNVD: CNNVD-201708-131 // NVD: CVE-2017-6756

CREDITS

Cisco

Trust: 0.9

sources: BID: 100112 // CNNVD: CNNVD-201708-131

SOURCES

db: VULHUB // id: VHN-114959
db: VULMON // id: CVE-2017-6756
db: BID // id: 100112
db: JVNDB // id: JVNDB-2017-006808
db: CNNVD // id: CNNVD-201708-131
db: NVD // id: CVE-2017-6756

LAST UPDATE DATE

2024-11-23T21:53:49.219000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-114959 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2017-6756 // date: 2019-10-09T00:00:00
db: BID // id: 100112 // date: 2017-08-03T00:00:00
db: JVNDB // id: JVNDB-2017-006808 // date: 2017-09-04T00:00:00
db: CNNVD // id: CNNVD-201708-131 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6756 // date: 2024-11-21T03:30:27.487

SOURCES RELEASE DATE

db: VULHUB // id: VHN-114959 // date: 2017-08-07T00:00:00
db: VULMON // id: CVE-2017-6756 // date: 2017-08-07T00:00:00
db: BID // id: 100112 // date: 2017-08-03T00:00:00
db: JVNDB // id: JVNDB-2017-006808 // date: 2017-09-04T00:00:00
db: CNNVD // id: CNNVD-201708-131 // date: 2017-08-04T00:00:00
db: NVD // id: CVE-2017-6756 // date: 2017-08-07T06:29:00.450