QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6759

Published: Aug 7, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

Vendor	Product	Versions
n/a	Cisco Prime Collaboration Provisioning Tool	affected `Cisco Prime Collaboration Provisioning Tool`

Weaknesses (CWE)

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.