CVE-2017-6704

MEDIUM

Cisco Prime Collaboration Provisioning - Path Traversal

Title source: rule

Description

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99223

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038744

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2

Scores

CVSS v3 6.5

EPSS 0.0097

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

cisco/prime_collaboration_provisioning

n/a/Cisco Prime Collaboration Provisioning Tool < Cisco Prime Collaboration Provisioning Tool

Published Jul 04, 2017

Tracked Since Feb 18, 2026