Published: 16/11/2017 Updated: 09/10/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local malicious user to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the malicious user to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco conference director 2017-08-15

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package The vulnerability is due to insufficient upgrade package validation An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls An ...

CWE-494 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark http://www.securityfocus.com/bid/101914 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-12306

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect