SSL: Cisco Prime Collaboration Provisioning Arbitrary File Deletion
An arbitrary file deletion vulnerability has been reported in Cisco Prime Collaboration Provisioning. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the deletion of arbitrary files from the target system.
Extended Description
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618.
Affected Products
Cisco prime_collaboration_provisioning
Short Name
SSL:VULN:CISCO-PRIME-FILEDEL
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
Arbitrary CVE-2017-6637 Cisco Collaboration Deletion File Prime Provisioning
Release Date
11/23/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Cisco
CVSS Score
4.0