{"containers": {"cna": {"affected": [{"product": "Cisco Prime Collaboration Provisioning Tool", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Prime Collaboration Provisioning Tool"}]}], "datePublic": "2017-08-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T09:57:02.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "100112", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100112"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"}, {"name": "1039061", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039061"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6756", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Prime Collaboration Provisioning Tool", "version": {"version_data": [{"version_value": "Cisco Prime Collaboration Provisioning Tool"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352"}]}]}, "references": {"reference_data": [{"name": "100112", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100112"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"}, {"name": "1039061", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039061"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:17.104Z"}, "title": "CVE Program Container", "references": [{"name": "100112", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"}, {"name": "1039061", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039061"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6756", "datePublished": "2017-08-07T06:00:00.000Z", "dateReserved": "2017-03-09T00:00:00.000Z", "dateUpdated": "2024-08-05T15:41:17.104Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "44E5419B-485B-4A5E-88E8-15013CF0F891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user's browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280."}, {"lang": "es", "value": "Una vulnerabilidad en la aplicaci\u00f3n de interfaz de usuario web de Cisco Prime Collaboration Provisioning Tool en su versi\u00f3n 12.2 podr\u00eda permitir que un atacante remoto sin autenticar ejecute acciones no deseadas. La vulnerabilidad se debe a la poca defensa contra ataques de Cross-Site Request Forgery (CSRF). Un atacante podr\u00eda explotar esta vulnerabilidad obligando al navegador del usuario a que lleve a cabo cualquier acci\u00f3n autorizada para este. Cisco Bug IDs: CSCvc90280."}], "id": "CVE-2017-6756", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-07T06:29:00.450", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100112"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039061"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}