CVE-2017-6759

medium

Cisco

CVSS v3 Base Score

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.3%

Exploitation probability in 30 days

Top 50% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

None

Integrity

High

Availability

None

Published: August 7, 2017 (3202 days ago)

Last Modified: May 13, 2026

Vendor: Cisco

Source: NVD

Description

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

CWE

CWE-20

Affected Products

cisco prime collaboration provisioning

References

🔗 www.securitytracker.com 🔗 quickview.cloudapps.cisco.com 🔗 tools.cisco.com 🔗 www.securitytracker.com 🔗 quickview.cloudapps.cisco.com

CVE-2017-6759

Vulnerability Report

Description

CWE

Affected Products

References