Test Kennung:	1.3.6.1.4.1.25623.1.0.811050
Kategorie:	CISCO
Titel:	Cisco Prime Provisioning Multiple Vulnerabilities - May17
Zusammenfassung:	cisco prime collaboration provisioning is prone to multiple vulnerabilities.
Beschreibung:	Summary: cisco prime collaboration provisioning is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. - The affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. Vulnerability Impact: Successful exploitation will allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. Also an authenticated remote attacker can delete any file from an affected system. Affected Software/OS: Cisco Prime Collaboration Provisioning Software Releases 9.0.0, 9.5.0, 10.0.0, 10.5.0, 10.5.1 and 10.6 through 11.5 Solution: Upgrade to Cisco Prime Collaboration Provisioning Software Release 12.1 or later. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 98520 BugTraq ID: 98535 Common Vulnerability Exposure (CVE) ID: CVE-2017-6622 http://www.securityfocus.com/bid/98520 https://www.exploit-db.com/exploits/42888/ http://www.securitytracker.com/id/1038507 Common Vulnerability Exposure (CVE) ID: CVE-2017-6635 http://www.securityfocus.com/bid/98535 http://www.securitytracker.com/id/1038514
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.