SecurityTracker.com

Category:   Application (VoIP)  >   Cisco Emergency Responder
Vendors:   Cisco
Cisco Emergency Responder Upgrade Error Lets Remote Users Gain Root Access on the Target System
SecurityTracker Alert ID:  1039814
SecurityTracker URL:  http://securitytracker.com/id/1039814
CVE Reference:   CVE-2017-12337
Date:  Nov 16 2017
Impact:   Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Cisco Emergency Responder. A remote user can gain access to the target system.

When a refresh upgrade is performed on a Cisco Voice Operating System (VOS) software platform device, an engineering flag remains enabled. As a result, a remote user can connect to the target device via SFTP and gain root privileges on the target device.

The vendor has assigned bug ID CSCvg55112 to this vulnerability.

Quentin Rhoads-Herrera and Rich Mirch of the State Farm Penetration Testing Team reported this vulnerability.

Impact:   A remote user can gain root access on the target system.
Solution:   The vendor has issued a fix.

The vendor notes that when the system is upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release, the vulnerability is corrected.

The vendor also notes that Engineering Special Releases that are installed as COP files do not correct the vulnerability.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos

 
 



Copyright 2018, SecurityGlobal.net LLC