CVE-2017-12337 (GCVE-0-2017-12337)

Vulnerability from cvelistv5 – Published: 2017-11-16 07:00 – Updated: 2024-08-05 18:36
VLAI?
Summary
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
Severity ?
No CVSS data available.
CWE
Assigner
References
http://www.securityfocus.com/bid/101865 vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039815 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039817 vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/C… x_refsource_CONFIRM
http://www.securitytracker.com/id/1039814 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039818 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039819 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039820 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039813 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039816 vdb-entryx_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a Cisco Voice Operating System Affected: Cisco Voice Operating System
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:56.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101865"
          },
          {
            "name": "1039815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039815"
          },
          {
            "name": "1039817",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
          },
          {
            "name": "1039814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039814"
          },
          {
            "name": "1039818",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039818"
          },
          {
            "name": "1039819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039819"
          },
          {
            "name": "1039820",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039820"
          },
          {
            "name": "1039813",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039813"
          },
          {
            "name": "1039816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Voice Operating System",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Voice Operating System"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "101865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101865"
        },
        {
          "name": "1039815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039815"
        },
        {
          "name": "1039817",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
        },
        {
          "name": "1039814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039814"
        },
        {
          "name": "1039818",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039818"
        },
        {
          "name": "1039819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039819"
        },
        {
          "name": "1039820",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039820"
        },
        {
          "name": "1039813",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039813"
        },
        {
          "name": "1039816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039816"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Voice Operating System",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Voice Operating System"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101865"
            },
            {
              "name": "1039815",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039815"
            },
            {
              "name": "1039817",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039817"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
            },
            {
              "name": "1039814",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039814"
            },
            {
              "name": "1039818",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039818"
            },
            {
              "name": "1039819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039819"
            },
            {
              "name": "1039820",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039820"
            },
            {
              "name": "1039813",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039813"
            },
            {
              "name": "1039816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039816"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12337",
    "datePublished": "2017-11-16T07:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:56.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3342DE3-F98B-48CF-9416-FA8D7F062E65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F343F98-1100-489F-B34C-480F7898A240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8A8E190-1846-44ED-9572-D80D71A433DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B0A2D56-3667-438C-A367-4DB74F72507B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE11E45-1A8C-497C-A1B1-ED695E812CA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C9A9B36-D4E2-4578-9BB9-3CCD008AE628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"395232C7-93D5-4877-A726-32E5BAFAF812\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*\", \"matchCriteriaId\": \"863C456D-EE60-49F8-AFB0-795EA29CD93D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16991CD6-A32F-4891-B6B6-41D050FC1412\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"444F1581-0CD5-40B9-8C9E-0E428E6D75C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0368C678-72A4-4F48-B31D-77A6BDAAC4DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AF08793-199C-4729-9765-059678A5BE77\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el mecanismo de actualizaci\\u00f3n de productos de colaboraci\\u00f3n de Cisco basados en la plataforma de software Cisco Voice Operating System podr\\u00eda permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migraci\\u00f3n Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migraci\\u00f3n PCD se completa con \\u00e9xito, una marca de ingenier\\u00eda se mantiene habilitada y podr\\u00eda permitir el acceso root al dispositivo con una contrase\\u00f1a conocida. Si el dispositivo vulnerable se actualiza empleando el m\\u00e9todo de actualizaci\\u00f3n est\\u00e1ndar a un Engineering Special Release, la actualizaci\\u00f3n del servicio o una nueva actualizaci\\u00f3n del producto afectado, esta vulnerabilidad se remedia mediante tal acci\\u00f3n. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del m\\u00e9todo de actualizaci\\u00f3n est\\u00e1ndar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podr\\u00eda obtener acceso root al dispositivo. Este acceso podr\\u00eda permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.\"}]",
      "id": "CVE-2017-12337",
      "lastModified": "2024-11-21T03:09:19.983",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-16T07:29:01.023",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101865\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039813\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039814\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039815\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039816\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039817\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039818\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039819\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039820\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039814\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039817\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039819\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039820\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12337\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-11-16T07:29:01.023\",\"lastModified\":\"2025-07-31T15:03:24.870\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el mecanismo de actualizaci\u00f3n de productos de colaboraci\u00f3n de Cisco basados en la plataforma de software Cisco Voice Operating System podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migraci\u00f3n Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migraci\u00f3n PCD se completa con \u00e9xito, una marca de ingenier\u00eda se mantiene habilitada y podr\u00eda permitir el acceso root al dispositivo con una contrase\u00f1a conocida. Si el dispositivo vulnerable se actualiza empleando el m\u00e9todo de actualizaci\u00f3n est\u00e1ndar a un Engineering Special Release, la actualizaci\u00f3n del servicio o una nueva actualizaci\u00f3n del producto afectado, esta vulnerabilidad se remedia mediante tal acci\u00f3n. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del m\u00e9todo de actualizaci\u00f3n est\u00e1ndar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podr\u00eda obtener acceso root al dispositivo. Este acceso podr\u00eda permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3342DE3-F98B-48CF-9416-FA8D7F062E65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F343F98-1100-489F-B34C-480F7898A240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8A8E190-1846-44ED-9572-D80D71A433DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B0A2D56-3667-438C-A367-4DB74F72507B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE11E45-1A8C-497C-A1B1-ED695E812CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9A9B36-D4E2-4578-9BB9-3CCD008AE628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"395232C7-93D5-4877-A726-32E5BAFAF812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*\",\"matchCriteriaId\":\"863C456D-EE60-49F8-AFB0-795EA29CD93D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16991CD6-A32F-4891-B6B6-41D050FC1412\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"444F1581-0CD5-40B9-8C9E-0E428E6D75C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3270ADFF-27F5-4972-AB44-FA2882486B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0368C678-72A4-4F48-B31D-77A6BDAAC4DE\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101865\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039813\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039814\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039815\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039816\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039817\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039818\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039819\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039820\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039817\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.