


Category:   Application (Generic)  >   Cisco Unified Intelligence Center
Vendors:   Cisco
Cisco Unified Intelligence Center Upgrade Error Lets Remote Users Gain Root Access on the Target System
SecurityTracker Alert ID:  1039817
SecurityTracker URL:
CVE Reference:   CVE-2017-12337
Date:  Nov 16 2017
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Unified Intelligence Center. A remote user can gain access to the target system.

When a refresh upgrade is performed on a Cisco Voice Operating System (VOS) software platform device, an engineering flag remains enabled. As a result, a remote user can connect to the target device via SFTP and gain root privileges on the target device.

The vendor has assigned bug ID CSCvg64464 to this vulnerability.

Quentin Rhoads-Herrera and Rich Mirch of the State Farm Penetration Testing Team reported this vulnerability.

Impact:   A remote user can gain root access on the target system.
Solution:   The vendor has issued a fix.

The vendor notes that the vulnerability is corrected when the system is upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release.

The vendor also notes that Engineering Special Releases that are installed as COP files do not correct the vulnerability.

The vendor advisory is available at:

Vendor URL:
Cause:   Access control error

Message History:   None.
