Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability

A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to gain elevated privileges.

The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the underlying operating system and manipulating specific command interaction. An exploit could allow the attacker to gain elevated privileges on the Cisco Unified CM node.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.