Vulnerability identifier: #VU13
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-306
Exploitation vector: Local
Exploit availability: No
Description
The vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists due to software error when enforcing permissions for mounted filesystem. A local user can read or modify arbitrary files on the vulnerable device.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges.
Mitigation
Patch for this vulnerability is available through Cisco Bug Search Tool.
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.