CVE-2017-6759
MEDIUMCisco Prime Collaboration Provisioning Tool 12.1 - Authenticated Arbitrary File Write via Upgrade Package Installation
Title source: llmDescription
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039062
Vendor Advisory x_refsource_confirm
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304
Scores
CVSS v3
6.5
EPSS
0.0154
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
cisco/prime_collaboration_provisioning
12.1
n/a/Cisco Prime Collaboration Provisioning Tool
Cisco Prime Collaboration Provisioning Tool
Published
Aug 07, 2017
Tracked Since
Feb 18, 2026