CVE-2017-6704

MEDIUM

Cisco Prime Collaboration Provisioning Tool - Authenticated Arbitrary File Download via Path Traversal

Title source: llm
STIX 2.1

Description

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038744
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99223

Scores

CVSS v3 6.5
EPSS 0.0299
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
cisco/prime_collaboration_provisioning 12.1
n/a/Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool
Published Jul 04, 2017
Tracked Since Feb 18, 2026