|Number of vulnerabilities||1|
Cisco Emergency Responder
Other software / Other software solutions
Cisco Unified Communications Manager
Server applications / Other server solutions
Cisco Unified Communications Manager Session Management Edition
Server applications / Remote management servers, RDP, SSH
Cisco Unity Connection
Client/Desktop applications / Messaging software
|Vendor||Cisco Systems, Inc|
This security bulletin contains one low risk vulnerability.
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to the affected application does not properly restrict the files that are being used for upgrades. A remote administrator can use a specially crafted upgrade file and elevate privileges to root.Mitigation
Install updates from vendor's website.Vulnerable software versions
Cisco Emergency Responder: 12.5.1SU4 - 14SU3
Cisco Unified Communications Manager: 12.5.1SU8
Cisco Unified Communications Manager Session Management Edition: 12.5.1SU8
Cisco Unity Connection: 12.5.1SU6 - 14SU3Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?