CVE-2017-6756
https://notcve.org/view.php?id=CVE-2017-6756
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280. Una vulnerabilidad en la aplicación de interfaz de usuario web de Cisco Prime Collaboration Provisioning Tool en su versión 12.2 podría permitir que un atacante remoto sin autenticar ejecute acciones no deseadas. • http://www.securityfocus.com/bid/100112 http://www.securitytracker.com/id/1039061 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-6755
https://notcve.org/view.php?id=CVE-2017-6755
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. Una vulnerabilidad en el portal web de Cisco Prime Collaboration Provisioning (PCP) Tool podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz web en el sistema afectado. Más información: CSCvc90312. • http://www.securityfocus.com/bid/99878 http://www.securitytracker.com/id/1038960 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-pcpt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6706
https://notcve.org/view.php?id=CVE-2017-6706
A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. Una vulnerabilidad en el subsistema de registro de la herramienta Prime Collaboration Provisioning de Cisco, podría permitir a un atacante local no identificado adquirir información confidencial. Más información: CSCvd07260. • http://www.securityfocus.com/bid/99204 http://www.securitytracker.com/id/1038744 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-6705
https://notcve.org/view.php?id=CVE-2017-6705
A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. Una vulnerabilidad en el sistema de archivos de la herramienta Prime Collaboration Provisioning de Cisco, podría permitir a un atacante local identificado adquirir información confidencial. Más información: CSCvc82973. • http://www.securityfocus.com/bid/99206 http://www.securitytracker.com/id/1038744 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-6704
https://notcve.org/view.php?id=CVE-2017-6704
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. Una vulnerabilidad en la aplicación web en la herramienta Prime Collaboration Provisioning de Cisco, podría permitir a un atacante remoto identificado conducir descargas de archivos arbitrarias que podrían permitir que el atacante lea archivos del sistema de archivos subyacente. Más información: CSCvc90335. • http://www.securityfocus.com/bid/99223 http://www.securitytracker.com/id/1038744 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •