Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability
The vulnerability is due to a failure to protect a supervised process. An attacker could exploit this vulnerability by completing a series of steps that ultimately allow a lower-privileged process to be restarted with root privileges. The attacker would first need to crash a process supervised by firestarter.py; the privilege escalation occurs when that process is restarted. A successful exploit could allow the attacker to gain elevated privileges on the device, which could result in a complete system compromise.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://ift.tt/1NjthQW
from Cisco Security Advisory http://ift.tt/1NjthQW