A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2j3GENp
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2j3GENp
Security Impact Rating: Medium
CVE: CVE-2017-6792
from Cisco Security Advisory http://ift.tt/2j3GENp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.