CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2017-12337

CVSS 9.8v3.0pub. 2017-11-16upd. 2026-05-13

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Emergency Responder

    APP
    Cisco
    wszystkie wersje
  • Cisco Finesse

    APP
    Cisco
    wszystkie wersje
  • Cisco Hosted Collaboration Solution

    APP
    Cisco
    wszystkie wersje
  • Cisco Mediasense

    APP
    Cisco
    wszystkie wersje
  • Cisco Prime License Manager

    APP
    Cisco
    wszystkie wersje
  • Cisco Socialminer

    APP
    Cisco
    wszystkie wersje
  • Cisco Unified Communications Manager

    APP
    Cisco
    wszystkie wersje
  • Cisco Unified Communications Manager Im And Presence Service

    APP
    Cisco
    wszystkie wersje
  • Cisco Unified Contact Center Express

    APP
    Cisco
    wszystkie wersje
  • Cisco Unified Intelligence Center

    APP
    Cisco
    wszystkie wersje
  • Cisco Unity Connection

    APP
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-20358CRITICAL9.4PL ✓ten sam produkt

Cisco Unified CCX: pominięcie uwierzytelnienia w CCX Editor (RCE)

CVE-2025-20354CRITICAL9.8PL ✓ten sam produkt

RCE z uprawnieniami root w Cisco Unified Contact Center Express (Java RMI)

CVE-2025-20309CRITICAL10.0PL ✓ten sam produkt

Cisco Unified CM — statyczne dane logowania root umożliwiają pełne przejęcie systemu

CVE-2024-20253CRITICAL9.9PL ✓ten sam produkt

RCE w produktach Cisco Unified Communications — eskalacja do root

CVE-2023-20101CRITICAL9.8ten sam produkt

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an a...