
Test ID: 1.3.6.1.4.1.25623.1.0.811050
Category: CISCO
Title: Cisco Prime Provisioning Multiple Vulnerabilities (May 2017)
Summary: Cisco Prime Collaboration Provisioning is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
Multiple flaws exist due to:

- Missing security constraints in certain HTTP request methods, which could
allow access to files via the web interface.

- The affected software does not perform proper input validation of HTTP
requests and fails to apply role-based access controls (RBACs) to requested
HTTP URLs.

Vulnerability Impact:
Successful exploitation will allow an unauthenticated, remote attacker to
bypass authentication and perform command injection with root privileges.
Also, an authenticated remote attacker can delete any file from an affected
system.

Affected Software/OS:
Cisco Prime Collaboration Provisioning Software Releases 9.0.0, 9.5.0,
10.0.0, 10.5.0, 10.5.1 and 10.6 through 11.5

Solution:
Upgrade to Cisco Prime Collaboration Provisioning Software Release 12.1 or
later. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-6622
BugTraq ID: 98520
http://www.securityfocus.com/bid/98520
https://www.exploit-db.com/exploits/42888/
http://www.securitytracker.com/id/1038507
Common Vulnerability Exposure (CVE) ID: CVE-2017-6635
BugTraq ID: 98535
http://www.securityfocus.com/bid/98535
http://www.securitytracker.com/id/1038514
Copyright: Copyright (C) 2017 Greenbone AG
