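Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs on affected devices on which a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded over SFTP using the standard upgrade method to the latest Engineering Special Release, service update, or new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files do not remediate this vulnerability. An attacker who can access a device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to take complete control of the affected system. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
CVSS Information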
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
CVSS Information
N/A
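Vulnerability Type
Improper Authentication
Vulnerability Title
Authorization issue vulnerability in multiple Cisco products
Vulnerability Description
Cisco Voice Operating System is a voice operating system from Cisco (USA). Products such as Cisco Unified Communications Manager (UCM) are based on the Cisco Voice Operating System platform. Cisco Unified Communications Manager (UCM) is the call-processing component of a unified communications system. Unified Communication Manager Session Management Edition (SME) is its
CVSS Information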
N/A
Vulnerability Type
Authorization Issues