N/A

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.

N/A

输入验证不恰当

Cisco Prime Collaboration Provisioning Tool 安全漏洞

Cisco Prime Collaboration Provisioning Tool是美国思科（Cisco）公司的一套基于Web的下一代通信服务工具。该工具对IP电话、语音邮件和统一通信环境提供IP通信服务功能。 Cisco Prime Collaboration Provisioning Tool中的batch provisioning功能存在安全漏洞，该漏洞源于程序没有充分的验证BatchFileName和Directory中的参数。远程攻击者可利用该漏洞覆盖系统文件。

N/A

N/A