
CVSS: 5.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1. • http://www.securityfocus.com/bid/99224 http://www.securitytracker.com/id/1038744 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1 • CWE-287: Improper Authentication •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. • http://www.securityfocus.com/bid/98970 http://www.securitytracker.com/id/1038633 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.8 • EPSS: 8% • CPEs: 10 • EXPL: 0

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597. • http://www.securityfocus.com/bid/98535 http://www.securitytracker.com/id/1038514 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 7.8 • EPSS: 2% • CPEs: 8 • EXPL: 0

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. • http://www.securityfocus.com/bid/98526 http://www.securitytracker.com/id/1038515 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618. • http://www.securityfocus.com/bid/98530 http://www.securitytracker.com/id/1038515 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •