Cisco Unified Communications Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to escalate privileges on the system.

The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a system script, which could allow the attacker to gain complete control of the affected system.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

Cisco has confirmed the vulnerability in a security advisory; however, software updates are not available.

To exploit this vulnerability, an attacker must authenticate to a targeted device. Authenticated access may require the attacker to access trusted, internal networks. These access requirements could limit the likelihood of a successful exploit.