What is the severity of CVE-2017-6622?

CVE-2017-6622 has a critical severity rating due to its potential for remote command injection with root privileges.

How do I fix CVE-2017-6622?

To mitigate CVE-2017-6622, update Cisco Prime Collaboration Provisioning to a patched version provided by Cisco.

Which versions of Cisco Prime Collaboration Provisioning are affected by CVE-2017-6622?

CVE-2017-6622 affects Cisco Prime Collaboration Provisioning versions 9.0.0, 9.5.0, 10.0.0, 10.5.0, 10.5.1, 10.6.0, 10.6.2, 11.0.0, 11.1.0, and 11.5.0.

Can CVE-2017-6622 be exploited remotely?

Yes, CVE-2017-6622 can be exploited by an unauthenticated remote attacker.

What is the impact of CVE-2017-6622 on Cisco devices?

The impact of CVE-2017-6622 is that it allows remote command injection leading to potential unauthorized access at root level.

Vulnerability/
CVE-2017-6622

critical

CWE

862 264 77

18/5/2017

3/10/2019

CVE-2017-6622: Command Injection

First published: Thu May 18 2017(Updated: )

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Prime Collaboration Provisioning	=9.0.0
Cisco Prime Collaboration Provisioning	=9.5.0
Cisco Prime Collaboration Provisioning	=10.0.0
Cisco Prime Collaboration Provisioning	=10.5.0
Cisco Prime Collaboration Provisioning	=10.5.1
Cisco Prime Collaboration Provisioning	=10.6.0
Cisco Prime Collaboration Provisioning	=10.6.2
Cisco Prime Collaboration Provisioning	=11.0.0
Cisco Prime Collaboration Provisioning	=11.1.0
Cisco Prime Collaboration Provisioning	=11.5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6622?
CVE-2017-6622 has a critical severity rating due to its potential for remote command injection with root privileges.
How do I fix CVE-2017-6622?
To mitigate CVE-2017-6622, update Cisco Prime Collaboration Provisioning to a patched version provided by Cisco.
Which versions of Cisco Prime Collaboration Provisioning are affected by CVE-2017-6622?
CVE-2017-6622 affects Cisco Prime Collaboration Provisioning versions 9.0.0, 9.5.0, 10.0.0, 10.5.0, 10.5.1, 10.6.0, 10.6.2, 11.0.0, 11.1.0, and 11.5.0.
Can CVE-2017-6622 be exploited remotely?
Yes, CVE-2017-6622 can be exploited by an unauthenticated remote attacker.
What is the impact of CVE-2017-6622 on Cisco devices?
The impact of CVE-2017-6622 is that it allows remote command injection leading to potential unauthorized access at root level.

agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime collaboration provisioning
version/cisco prime collaboration provisioning/9.0.0
version/cisco prime collaboration provisioning/9.5.0
version/cisco prime collaboration provisioning/10.0.0
version/cisco prime collaboration provisioning/10.5.0
version/cisco prime collaboration provisioning/10.5.1
version/cisco prime collaboration provisioning/10.6.0
version/cisco prime collaboration provisioning/10.6.2
version/cisco prime collaboration provisioning/11.0.0
version/cisco prime collaboration provisioning/11.1.0
version/cisco prime collaboration provisioning/11.5.0

Frequently Asked Questions

What is the severity of CVE-2017-6622?
CVE-2017-6622 has a critical severity rating due to its potential for remote command injection with root privileges.
How do I fix CVE-2017-6622?
To mitigate CVE-2017-6622, update Cisco Prime Collaboration Provisioning to a patched version provided by Cisco.
Which versions of Cisco Prime Collaboration Provisioning are affected by CVE-2017-6622?
CVE-2017-6622 affects Cisco Prime Collaboration Provisioning versions 9.0.0, 9.5.0, 10.0.0, 10.5.0, 10.5.1, 10.6.0, 10.6.2, 11.0.0, 11.1.0, and 11.5.0.
Can CVE-2017-6622 be exploited remotely?
Yes, CVE-2017-6622 can be exploited by an unauthenticated remote attacker.
What is the impact of CVE-2017-6622 on Cisco devices?
The impact of CVE-2017-6622 is that it allows remote command injection leading to potential unauthorized access at root level.

CVE-2017-6622: Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6622?

How do I fix CVE-2017-6622?

Which versions of Cisco Prime Collaboration Provisioning are affected by CVE-2017-6622?

Can CVE-2017-6622 be exploited remotely?

What is the impact of CVE-2017-6622 on Cisco devices?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-6622?

How do I fix CVE-2017-6622?

Which versions of Cisco Prime Collaboration Provisioning are affected by CVE-2017-6622?

Can CVE-2017-6622 be exploited remotely?

What is the impact of CVE-2017-6622 on Cisco devices?