CVE-2017-6785
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).
Una vulnerabilidad en la validación de permisos de modificación de configuración en Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado realice una escalada horizontal de privilegios en la que un usuario puede modificar la configuración de otro usuario. La vulnerabilidad se debe a la falta de un control de acceso basado en roles o RBAC (role-based access control) apropiado, en el que se requieren ciertos cambios de la configuración del usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP manipulada a la aplicación objetivo. Un exploit podría permitir que el atacante afecte la integridad de la aplicación, ya que un usuario puede modificar la configuración de la información de otro usuario. Cisco Bug IDs: CSCve27331. Versiones afectadas conocidas: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-08-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100375 | Third Party Advisory | |
http://www.securitytracker.com/id/1039184 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm | 2017-08-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 10.5\(2.10000.5\) Search vendor "Cisco" for product "Unified Communications Manager" and version "10.5\(2.10000.5\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.0\(1.10000.10\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.0\(1.10000.10\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 11.5\(1.10000.6\) Search vendor "Cisco" for product "Unified Communications Manager" and version "11.5\(1.10000.6\)" | - |
Affected
|