CVE-2017-6704: Path Traversal
First published: Tue Jul 04 2017(Updated: )
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Collaboration Provisioning | =12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6704?
CVE-2017-6704 is classified as a high-severity vulnerability because it allows remote attackers to perform arbitrary file downloads.
How do I fix CVE-2017-6704?
To fix CVE-2017-6704, you should update to the latest version of Cisco Prime Collaboration Provisioning that addresses the vulnerability.
Who is affected by CVE-2017-6704?
CVE-2017-6704 affects users of Cisco Prime Collaboration Provisioning version 12.1.
What type of attack can be executed using CVE-2017-6704?
CVE-2017-6704 can be exploited to perform arbitrary file downloads, potentially allowing attackers to read files from the underlying filesystem.
Is CVE-2017-6704 a remote vulnerability?
Yes, CVE-2017-6704 allows an authenticated remote attacker to exploit the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco prime collaboration provisioning
- version/cisco prime collaboration provisioning/12.1