Cisco Unified Communications Manager: Privilege Escalation Vulnerability

Users of Cisco Unified Communications Manager please be advised of a Privilege Escalation vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

nSense-2010-003: [nSense-2010-003] Cisco Unified Communications Manager
Affected Product: Cisco Unified Communications Manager
Impact: Privilege Escalation
Technical details
—————————————————————

Cisco Unified Communications Manager contains a setuid binary
which fails to validate command line arguments. A local user
can leverage this vulnerability to gain root access by
supplying suitable arguments to the binary.Read more at http://www.criticalwatch.com

 

Advertisements