Cisco: CISCO-SA-20130701-CVE-2013-3399
Jul 01, 2013 - 1:29 p.m.

Cisco Desktop Collaboration Experience DX600 Series Potential Code Injection Vulnerability

2013-07-01 13:29:44
tools.cisco.com

CVSS2: 6.6
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.001
Percentile: 18.7%

A vulnerability in an underlying Android Application Programming Interface (API) utilized by the Cisco Desktop Collaboration Experience DX600 series endpoint could allow an authenticated, local attacker to inject code into the system.

The vulnerability is due to insufficient validation of specific values prior to their use to allocate a buffer. An attacker could exploit this vulnerability by overflowing a buffer. An exploit could allow the attacker to execute arbitrary code with elevated privileges.

Cisco has confirmed this vulnerability in a security notice and released software updates.

To successfully exploit the vulnerability, the attacker would need to authenticate and have local access to the targeted system, which could limit the likelihood of an exploit.

Affected configurations

Node: cisco desktop_collaboration_experience_dx650 (match any) OR cisco desktop_collaboration_experience_dx650 (match any)

Vendor: cisco
Product: desktop_collaboration_experience_dx650
Version: any
CPE: cpe:2.3:a:cisco:desktop_collaboration_experience_dx650:any:*:*:*:*:*:*:*
