Cisco Unified Communications Products Privilege Escalation Vulnerability
TL;DR 📌
A privilege escalation vulnerability has been identified in multiple Cisco Unified Communications and Contact Center Solutions products. An authenticated local attacker could exploit this vulnerability to gain root access on affected devices. Cisco has released software updates to address this issue, but there are no workarounds available.
What happened 🕵️♂️
A vulnerability in various Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate their privileges to root on an affected device. This vulnerability arises from excessive permissions assigned to system commands, enabling an attacker to execute crafted commands on the underlying operating system. To exploit this vulnerability, administrative access to the ESXi hypervisor is required.
Affected products 🖥️
The following Cisco products are affected by this vulnerability:
- Customer Collaboration Platform (CCP)
- Emergency Responder
- Finesse
- Prime Collaboration Deployment
- Unified Communications Manager (CM)
- Unified Communications Manager IM & Presence Service (IM&P)
- Unified Communications Manager Session Management Edition (CM SME)
- Unified Contact Center Express (CCX)
- Unified Intelligence Center
- Unity Connection
- Virtualized Voice Browser
For detailed information about specific bug IDs, please refer to the advisory.
Fixed software 🔧
Upgrade to at least the first fixed release in your train (or later):
| Product / Release Train | First Fixed Release | Notes |
|---|---|---|
| ISE / ISE-PIC 14 | Migrate to a fixed release. | |
| ISE / ISE-PIC 15 | 15SU2 | |
| ISE / ISE-PIC 12 | Migrate to a fixed release. | |
| ISE / ISE-PIC 15 | Not vulnerable. | |
| ISE / ISE-PIC 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds available to mitigate this vulnerability.
Risk in context 🎯
The vulnerability has a CVSS score of 5.1, categorized as MEDIUM severity. While this indicates a moderate risk, the potential for an attacker to gain root access on affected devices underscores the importance of applying the recommended software updates promptly.
Fast facts ⚡
- Advisory ID: cisco-sa-cucm-kkhZbHR5
- CVSS Score: 5.1 (MEDIUM)
- Vulnerability Type: Privilege Escalation
- Exploitation Requirement: Administrative access to the ESXi hypervisor
For leadership 🧭
It is crucial for organizations using affected Cisco Unified Communications and Contact Center Solutions products to prioritize the application of the provided software updates. The potential for privilege escalation poses a significant risk to system integrity and data security. Regularly review and update security policies to ensure compliance with the latest advisories and vulnerability management practices.