CVE-2017-12337
Published 2017-11-16
Priority P268 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS
6.44%
92.9th percentile
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | voice_operating_system-based_products_unauthorized_access | — | — |
Detection & IOCs
- Monitor for unauthenticated or unexpected SFTP connections to Cisco Voice Operating System-based devices, which may indicate exploitation attempts leveraging the known root password left active after a refresh upgrade or PCD migration.
- Detect devices in a vulnerable state by checking whether a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration was recently completed without a subsequent standard upgrade; the engineering flag remains enabled post-migration.
- Note that Engineering Special Releases installed as COP files do NOT remediate the vulnerability; audit upgrade method used to confirm remediation status.
- The vulnerability is introduced specifically after a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration; devices that have not undergone these processes are not affected by this specific post-upgrade flag condition.
- Remediation via standard upgrade (Engineering Special Release, service update, or new major release) closes the vulnerability, but COP file-based Engineering Special Release installs do NOT.
- Root access is possible using a *known* (static/hardcoded) password when the engineering flag is active; this is not a brute-force scenario but a fixed credential exposure.
CVSS provenance
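| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.8 | CRITICAL | — |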
GHSA
GHSA-rg7v-73fx-2hfh · ghsa_unreviewed · 2022-05-13
CVE-2017-12337 [CRITICAL] CWE-287
Cisco
Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
vendor_cisco·2017-11-16·CVSS 9.8
CVE-2017-12337 [CRITICAL] CWE-287 Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/101865
- http://www.securitytracker.com/id/1039813
- http://www.securitytracker.com/id/1039814
- http://www.securitytracker.com/id/1039815
- http://www.securitytracker.com/id/1039816
- http://www.securitytracker.com/id/1039817
- http://www.securitytracker.com/id/1039818
- http://www.securitytracker.com/id/1039819
- http://www.securitytracker.com/id/1039820
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos