You are here
Home > Preporuke > Ranjivost Cisco Prime Collaboration Provisioning proizvoda

Ranjivost Cisco Prime Collaboration Provisioning proizvoda

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

Advisory ID: cisco-sa-20170517-pcp2

Revision: 1.0

For Public Release: 2017 May 17 16:00 GMT

Last Updated: 2017 May 17 16:00 GMT

CVE ID(s): CVE-2017-6621

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+———————————————————————

Summary
=======
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.

The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZHHQnZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmILA//bLbelAZUtwMwROj/
Gtzm1/TOhi3Pb1nMQeGYkb6pnNhNFA5BHQQEHd3N39rV9uAcFLAbD+/qVTEYxsNv
TBmUZNkYwbNt6basDMdTnPAfIg4a9rqNsKoPmfNiwtHM3++WgmEnaPA+fre0rdr7
KrnQ5CemVGwy5Xyl4vXuqm5ImP3pt1ASFTTVSkOudjxz0GzsZ1a7BT92In7YkWVL
vJe5ECVRItD4464Zymzw8GNVUj7ceUcOlBnzmGOq+BNt4bWn3zdqQTzzC1Sl0why
pdd5ded0aVkg6hRMbNQMQJzxVQsySDNTJ/6kYpuv4MHgReHfktzY0n3tcGsEiGUW
W8M5au1HMyX5N2XzY6OoV3AAEO75o4yyuF4Cv4KWCghTEj2CM+Q/nfa0cKDHDgak
6AkWMTo9a5a+fvFwGVm1wGJxQMPQ9nMVSROKVtXSKVatoAqaJiRtnVgjncNmql79
4uvpqXpLdKxhRxJMs46XMzVSV6vwa5+ivPvKX4SATd4l4shWwiacvNzzA1t64egB
lkeVBqx5+f71tnz7zMrNO3Dl972pKVo1YATFLYMa/lZ5WC6PBWi/3+1WhPp3Ga0y
3C/363A/Zc1WEcl7Gwnmh5sfMuvhV85KEbwr4KpppZGEYaJG8cAG3FyCh8L2ItIS
8U7169O6Y/qYdC6Ml/mqHE7o9LY=
=JUXS
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Ranjivost Cisco Prime Collaboration Provisioning proizvoda

Otkrivena je ranjivost u web sučelju Cisco Prime Collaboration Provisioning proizvoda uzrokovana manjkom sigurnosnih ograničenja u određenim metodama HTTP zahtjeva....

Close