How severe is CVE-2017-6622?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-6622?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2017-6622

CRITICAL Year: 2017

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.

CVE-2013-0422

CRITICAL

CVSS:9.8(Critical)

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a ...

CWE-2642013

CVE-2013-4451

CRITICAL

CVSS:9.8(Critical)

gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repo...

CWE-2642013

CVE-2014-0073

CRITICAL

CVSS:9.8(Critical)

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through...

CWE-2642014

CVE-2014-10054

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A,...

CWE-2642014

CVE-2014-10057

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, S...

CWE-2642014

CVE-2014-2552

CRITICAL

CVSS:9.8(Critical)

Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.

CWE-2642014

CVE-2017-6622

Vulnerability Description

Related Vulnerabilities

CVE-2013-0422

CVE-2013-4451

CVE-2014-0073

CVE-2014-10054

CVE-2014-10057

CVE-2014-2552