Vulnerability Name:

CVE-2017-12337 (CCN-134965)

Assigned: 2017-11-15
Published: 2017-11-15
Updated: 2019-10-09
Summary: A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action.
Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-287
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2017-12337

Source: BID
Type: Third Party Advisory, VDB Entry
101865

Source: CCN
Type: BID-101865
Cisco Voice OS CVE-2017-12337 Unauthorized Access Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039813

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039814

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039815

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039816

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039817

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039818

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039819

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1039820

Source: XF
Type: UNKNOWN
cisco-cve201712337-unauthorized-access(134965)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20171115-vos
Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:emergency_responder:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:finesse:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:mediasense:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:prime_license_manager:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:socialminer:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*
  • OR cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:-:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:emergency_responder:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:socialminer:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:prime_license_manager:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:finesse:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:mediasense:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unity_connection:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    cisco emergency responder -
    cisco finesse -
    cisco hosted collaboration solution -
    cisco mediasense -
    cisco prime license manager -
    cisco socialminer -
    cisco unified communications manager -
    cisco unified communications manager -
    cisco unified communications manager im and presence service -
    cisco unified contact center express -
    cisco unity connection -
    cisco unified intelligence center -
    cisco emergency responder *
    cisco socialminer *
    cisco prime license manager *
    cisco unified intelligence center *
    cisco finesse *
    cisco unified contact center express *
    cisco hosted collaboration mediation fulfillment *
    cisco mediasense *
    cisco unity connection *