Detections
Analytics

Cisco Prime Collaboration Provisioning < 12.1 Multiple Vulnerabilities (cisco-sa-20170517-pcp1 - cisco-sa-20170517-pcp3)

critical Nessus Plugin ID 100323

Language:

Synopsis

The remote network management server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is 9.x, 10.x, 11.x, or 12.x prior to 12.1. It is, therefore, affected by multiple vulnerabilities :

 - An information disclosure vulnerability exists in the web interface when handling HTTP requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information about the application, such as user credentials. (CVE-2017-6621)

 - An authentication bypass vulnerability exists in the web interface due to missing security restraints in certain HTTP request methods that could allow accessing files.
 An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to bypass authentication and execute arbitrary commands with root privileges. (CVE-2017-6622)

 - A flaw exists in the web interface that allows directory traversal outside of a restricted path due to improper validation of HTTP requests and a failure to apply role-based access controls (RBACs) to requested HTTP URLs. An authenticated, remote attacker can exploit this, via a specially crafted request that uses path traversal, to delete arbitrary files from the system.
 (CVE-2017-6635)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Cisco Prime Collaboration Provisioning version 12.1 or later.

See Also

http://www.nessus.org/u?e00b5d5b

http://www.nessus.org/u?d26be4e8

http://www.nessus.org/u?34619a9c

Plugin Details

Severity: Critical

ID: 100323

File Name: cisco_prime_cp_sa-20170517-pcp1.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 5/22/2017

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_collaboration_provisioning, cpe:/a:cisco:prime_collaboration

Required KB Items: Host/Cisco/PrimeCollaborationProvisioning/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/17/2017

Vulnerability Publication Date: 5/17/2017

Reference Information

CVE: CVE-2017-6621, CVE-2017-6622, CVE-2017-6635

BID: 98520, 98522, 98535