N/A

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304.

N/A

输入验证不恰当

Cisco Prime Collaboration Provisioning Tool UpgradeManager 输入验证漏洞

Cisco Prime Collaboration Provisioning Tool是美国思科（Cisco）公司的一套基于Web的下一代通信服务工具。该工具对IP电话、语音邮件和统一通信环境提供IP通信服务功能。UpgradeManager是其中的一个升级管理器。 Cisco Prime Collaboration Provisioning Tool 12.1版本中的UpgradeManager存在安全漏洞，该漏洞源于程序没有充分的验证输入。远程攻击者可利用该漏洞以root权限写入任意文件。

N/A

N/A