SB2017090705 - Two vulnerabilities in Cisco Prime Collaboration Provisioning
Published: September 7, 2017
Security Bulletin ID: SB2017090705
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-6793)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the system. The weakness exists in the Inventory Management feature due to insufficient protection of restricted information. A remote attacker can access unauthorized information via the user interface.
2) Improper input validation (CVE-ID: CVE-2017-6792)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the system. The weakness exists in the batch provisioning feature due to a lack of input validation of the BatchFileName and Directory parameters. A remote attacker can manipulate the parameters of the batch action file function and overwrite system files as root.
Remediation
Install the update from the vendor's website.