CVE-2017-6756
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280.
Una vulnerabilidad en la aplicación de interfaz de usuario web de Cisco Prime Collaboration Provisioning Tool en su versión 12.2 podría permitir que un atacante remoto sin autenticar ejecute acciones no deseadas. La vulnerabilidad se debe a la poca defensa contra ataques de Cross-Site Request Forgery (CSRF). Un atacante podría explotar esta vulnerabilidad obligando al navegador del usuario a que lleve a cabo cualquier acción autorizada para este. Cisco Bug IDs: CSCvc90280.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-08-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100112 | Third Party Advisory | |
http://www.securitytracker.com/id/1039061 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Prime Collaboration Provisioning Search vendor "Cisco" for product "Prime Collaboration Provisioning" | 12.2 Search vendor "Cisco" for product "Prime Collaboration Provisioning" and version "12.2" | - |
Affected
|