CVE-2017-6621

HIGH

Cisco Prime Collaboration Provisioning 10.6-11.5 - Unauthenticated Sensitive Information Exposure via HTTP Request

Description

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application, which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038508
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98522

Scores

CVSS v3 7.5
EPSS 0.0617
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (11)
cisco/prime_collaboration_provisioning 9.0.0
cisco/prime_collaboration_provisioning 9.5.0
cisco/prime_collaboration_provisioning 10.0.0
cisco/prime_collaboration_provisioning 10.5.0
cisco/prime_collaboration_provisioning 10.5.1
cisco/prime_collaboration_provisioning 10.6.0
cisco/prime_collaboration_provisioning 10.6.2
cisco/prime_collaboration_provisioning 11.0.0
cisco/prime_collaboration_provisioning 11.1.0
cisco/prime_collaboration_provisioning 11.5.0
... and 1 more
Published May 18, 2017
Tracked Since Feb 18, 2026