Cisco has released updates for its Prime Collaboration Provisioning software to address critical and high severity vulnerabilities that can be exploited remotely without authentication.
The flaws were reported to Cisco by Andrea Micalizzi (aka rgod) through Trend Micro’s Zero Day Initiative (ZDI). Micalizzi, one of ZDI’s top contributors, was credited on Wednesday by the networking giant for finding a total of five vulnerabilities in its Prime Collaboration Provisioning product, which provides a web-based interface for managing Cisco communication services.
The most serious of the flaws, rated critical and tracked as CVE-2017-6622, allows a remote, unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
“The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application,” Cisco said in its advisory.
Micalizzi also discovered a high severity information disclosure vulnerability (CVE-2017-6621) in the Prime Collaboration Provisioning software. The weakness can be exploited by a remote attacker, via specially crafted HTTP requests, to obtain information that can be useful in the reconnaissance phase of an attack.
Users have been advised to update the software to versions 11.6 and 12.1 or later to address these vulnerabilities.
Cisco has also published advisories describing medium severity directory traversal vulnerabilities found by the researcher in the Prime Collaboration Provisioning software. These bugs can be leveraged to view and delete files from the system, but they are considered less severe as they can only be exploited by an authenticated attacker.
Cisco said there was no evidence that any of these flaws had been exploited in the wild.
Cisco published nearly two dozen advisories on Wednesday, but most of them cover medium severity issues. There are only two other advisories describing high severity flaws, including a directory traversal that allows a remote attacker to read files from the Cisco TelePresence IX5000 Series filesystem.
A privilege escalation vulnerability in the Cisco Policy Suite (CPS) software has also been rated high severity, but it can only be exploited by an authenticated, local attacker.