CVE-2017-12337 Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability (cisco-sa-20171115-vos)

漏洞类别:Cisco

漏洞等级:

漏洞信息

A vulnerability in the upgrade mechanism of Cisco Unified Communications Manager based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.
The vulnerability occurs when a refresh upgrade or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password.

漏洞危害

An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely.

解决方案

Cisco has released fixes to resolve these vulnerabilities. Refer CSCvg58619 to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CSCvg58619

Leave a Reply