CVE-2017-6704
MEDIUMCisco Prime Collaboration Provisioning Tool - Authenticated Arbitrary File Download via Path Traversal
Title source: llmDescription
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038744
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99223
Scores
CVSS v3
6.5
EPSS
0.0299
EPSS Percentile
85.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
cisco/prime_collaboration_provisioning
12.1
n/a/Cisco Prime Collaboration Provisioning Tool
Cisco Prime Collaboration Provisioning Tool
Published
Jul 04, 2017
Tracked Since
Feb 18, 2026