CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:S/C:C/I:C/A:C
EPSS
Percentile
5.1%
A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to gain elevated privileges.
The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the underlying operating system and manipulating specific command interaction. An exploit could allow the attacker to gain elevated privileges on the Cisco Unified CM node.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |