CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
18.7%
A vulnerability in an underlying Android Application Programming Interface (API) utilized by the Cisco Desktop Collaboration Experience DX600 series endpoint could allow an authenticated, local attacker to inject code into the system.
The vulnerability is due to insufficient validation of specific values prior to their use to allocate a buffer. An attacker could exploit this vulnerability by overflowing a buffer. An exploit could allow the attacker to execute arbitrary code with elevated privileges.
Cisco has confirmed this vulnerability in a security notice and released software updates.
To successfully exploit the vulnerability, the attacker would need to authenticate and have local access to the targeted system, which could limit the likelihood of an exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | desktop_collaboration_experience_dx650 | any | cpe:2.3:a:cisco:desktop_collaboration_experience_dx650:any:*:*:*:*:*:*:* |