Vulnerabilities > CVE-2017-6635 - Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
COMPLETE Availability impact
NONE Summary
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO_PRIME_CP_SA-20170517-PCP1.NASL |
| description | According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is 9.x, 10.x, 11.x, or 12.x prior to 12.1. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the web interface when handling HTTP requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information about the application, such as user credentials. (CVE-2017-6621) - An authentication bypass vulnerability exists in the web interface due to missing security restraints in certain HTTP request methods that could allow accessing files. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to bypass authentication and execute arbitrary commands with root privileges. (CVE-2017-6622) - A flaw exists in the web interface that allows directory traversal outside of a restricted path due to improper validation of HTTP requests and a failure to apply role-based access controls (RBACs) to requested HTTP URLs. An authenticated, remote attacker can exploit this, via a specially crafted request that uses path traversal, to delete arbitrary files from the system. (CVE-2017-6635) Note that Nessus has not tested for these issues but has instead relied only on the application |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 100323 |
| published | 2017-05-22 |
| reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/100323 |
| title | Cisco Prime Collaboration Provisioning < 12.1 Multiple Vulnerabilities (cisco-sa-20170517-pcp1 - cisco-sa-20170517-pcp3) |