CVE-2017-6792
medium
CVSS v3: 6.5
CVSS v2: 8.5
VIR risk: 6.5
Description
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | prime_collaboration_provisioning | - | |
References
- http://www.securityfocus.com/bid/100666
- http://www.securitytracker.com/id/1039279
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt
CWEs
CWE-20