Advisory ID: cisco-sa-20151104-privmse
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in the installation procedure of the Cisco Mobility Services
Engine (MSE) appliance could allow an authenticated, local attacker to escalate
to the root level.
The vulnerability is due to incorrect installation and permissions settings on
binary files during the MSE physical or virtual appliance install procedure.
An attacker could exploit this vulnerability by logging into the device and
escalating their privileges. A successful exploit could allow the attacker to
acquire root-level privileges and take full control of the device.
Cisco has released software updates that address this vulnerability. There are
no workarounds that mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą