Sign-up

ID

VAR-201709-1084


CVE

CVE-2017-6792


TITLE

Cisco Prime Collaboration Provisioning Tool Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007830

DESCRIPTION

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. Vendors have confirmed this vulnerability Bug ID CSCvd61766 It is released as.Information may be tampered with. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2017-6792 // JVNDB: JVNDB-2017-007830 // BID: 100666 // VULHUB: VHN-114995

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration provisioningscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime collaboration provisioningscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaborationscope:eqversion:12.1

Trust: 0.3

sources: BID: 100666 // JVNDB: JVNDB-2017-007830 // CNNVD: CNNVD-201709-217 // NVD: CVE-2017-6792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6792
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6792
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-217
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114995
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6792
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114995
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6792
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114995 // JVNDB: JVNDB-2017-007830 // CNNVD: CNNVD-201709-217 // NVD: CVE-2017-6792

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-114995 // JVNDB: JVNDB-2017-007830 // NVD: CVE-2017-6792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-217

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 100666 // CNNVD: CNNVD-201709-217

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007830

PATCH
title:cisco-sa-20170906-pcpturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt
Trust: 0.8
title:Cisco Prime Collaboration Provisioning Tool Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74573
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-007830 // 
            
            
            
            CNNVD: CNNVD-201709-217

EXTERNAL IDS
db:NVDid:CVE-2017-6792
Trust: 2.8
db:BIDid:100666
Trust: 2.0
db:SECTRACKid:1039279
Trust: 1.7
db:JVNDBid:JVNDB-2017-007830
Trust: 0.8
db:CNNVDid:CNNVD-201709-217
Trust: 0.7
db:VULHUBid:VHN-114995
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114995 // 
            
            
            
            BID: 100666 // 
            
            
            
            JVNDB: JVNDB-2017-007830 // 
            
            
            
            CNNVD: CNNVD-201709-217 // 
            
            
            
            NVD: CVE-2017-6792

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-pcpt
Trust: 2.0
url:http://www.securityfocus.com/bid/100666
Trust: 1.7
url:http://www.securitytracker.com/id/1039279
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6792
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6792
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114995 // 
            
            
            
            BID: 100666 // 
            
            
            
            JVNDB: JVNDB-2017-007830 // 
            
            
            
            CNNVD: CNNVD-201709-217 // 
            
            
            
            NVD: CVE-2017-6792

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 100666

SOURCES
db:VULHUBid:VHN-114995
db:BIDid:100666
db:JVNDBid:JVNDB-2017-007830
db:CNNVDid:CNNVD-201709-217
db:NVDid:CVE-2017-6792

LAST UPDATE DATE
2024-11-23T21:53:42.670000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114995date:2019-10-09T00:00:00
db:BIDid:100666date:2017-09-06T00:00:00
db:JVNDBid:JVNDB-2017-007830date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-217date:2019-10-17T00:00:00
db:NVDid:CVE-2017-6792date:2024-11-21T03:30:32.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-114995date:2017-09-07T00:00:00
db:BIDid:100666date:2017-09-06T00:00:00
db:JVNDBid:JVNDB-2017-007830date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-217date:2017-09-12T00:00:00
db:NVDid:CVE-2017-6792date:2017-09-07T21:29:00.847