Cisco Bug: CSCut19546 - Script injection vulnerability in CUCM
May 04, 2018
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
10.0(1.10000.24) 10.5(2.10000.5) 9.1(2.10000.28)
Symptom: A vulnerability in the local read file of the Cisco Unified Communications Manager could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user, if they have already obtained sensitive information from the system The vulnerability is due to a failure to properly sanitize user input. An attacker could exploit this vulnerability by inserting Linux shell commands into a parameter using common techniques. A successful exploit could allow the attacker to execute any command on the Linux shell as the root user. Conditions: Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases