← volver
CVE-2017-6621

CVE-2017-6621

EPSS 6.2%CWE-200
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 6.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 may 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.
Productos afectados
n/a · Cisco Prime Collaboration

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2http://www.securityfocus.com/bid/98522http://www.securitytracker.com/id/1038508