How severe is CVE-2017-6637?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-6637?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2017-6637 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618.

Related Vulnerabilities

CVE-2014-0229

MEDIUM

CVSS:6.5(Medium)

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownData...

CWE-2642014

CVE-2014-1889

MEDIUM

CVSS:6.5(Medium)

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

CWE-2642014

CVE-2014-8540

MEDIUM

CVSS:6.5(Medium)

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

CWE-2642014

CVE-2014-9503

MEDIUM

CVSS:6.5(Medium)

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging impr...

CWE-2642014

CVE-2015-4082

MEDIUM

CVSS:6.5(Medium)

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informat...

CWE-2642015

CVE-2015-5167

MEDIUM

CVSS:6.5(Medium)

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

CWE-2642015