CVE-2017-6621

{"id": "CVE-2017-6621", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-18T19:29:00.203", "references": [{"url": "http://www.securityfocus.com/bid/98522", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038508", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2", "tags": ["VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Prime Collaboration Provisioning de Cisco podr\u00eda permitir a un atacante no autenticado remoto acceder a datos confidenciales. El atacante podr\u00eda usar esta informaci\u00f3n para conducir ataques de reconocimiento adicionales. La vulnerabilidad es debido a una protecci\u00f3n insuficiente de los datos confidenciales cuando se responde a una petici\u00f3n HTTP en la interfaz web. Un atacante podr\u00eda explotar la vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada a la aplicaci\u00f3n para acceder a archivos espec\u00edficos del sistema. Una vulnerabilidad podr\u00eda permitirle al atacante obtener informaci\u00f3n confidencial sobre la aplicaci\u00f3n que podr\u00eda incluir las credenciales del usuario. Esta vulnerabilidad afecta a Prime Collaboration Provisioning versiones de software desde 10.6 hasta 11.5 de Cisco. IDs de Bug de Cisco: CSCvc99626."}], "lastModified": "2017-07-08T01:29:13.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23FBBA67-3E61-4C29-AE29-DA9AC85B130E"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:9.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD5C349-0CCD-4182-8B41-CB199868A318"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B93578-B8CF-4977-B2D6-3F2420391008"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08D10D0F-159A-4C2A-9ECE-4C55ADE37298"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:10.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2B13F1-A983-446D-8698-B562801B320B"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00D29AB4-BF27-4366-9CC1-060B8C97067A"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:10.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF0F423A-8552-4406-8E42-3C417AEB4A0B"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05F7FBB-870A-4978-9F6F-E896472E53AA"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DF611EA-218D-4231-A7AA-1F795132F90E"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:11.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31DC57C2-8870-4663-830F-C6209F47DF06"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}