{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T21:48:03.183","vulnerabilities":[{"cve":{"id":"CVE-2017-12337","sourceIdentifier":"psirt@cisco.com","published":"2017-11-16T07:29:01.023","lastModified":"2025-07-31T15:03:24.870","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."},{"lang":"es","value":"Una vulnerabilidad en el mecanismo de actualización de productos de colaboración de Cisco basados en la plataforma de software Cisco Voice Operating System podría permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migración Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migración PCD se completa con éxito, una marca de ingeniería se mantiene habilitada y podría permitir el acceso root al dispositivo con una contraseña conocida. Si el dispositivo vulnerable se actualiza empleando el método de actualización estándar a un Engineering Special Release, la actualización del servicio o una nueva actualización del producto afectado, esta vulnerabilidad se remedia mediante tal acción. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del método de actualización estándar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podría obtener acceso root al dispositivo. Este acceso podría permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*","matchCriteriaId":"B3342DE3-F98B-48CF-9416-FA8D7F062E65"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*","matchCriteriaId":"8F343F98-1100-489F-B34C-480F7898A240"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*","matchCriteriaId":"F8A8E190-1846-44ED-9572-D80D71A433DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*","matchCriteriaId":"9B0A2D56-3667-438C-A367-4DB74F72507B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"6EE11E45-1A8C-497C-A1B1-ED695E812CA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*","matchCriteriaId":"5C9A9B36-D4E2-4578-9BB9-3CCD008AE628"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"395232C7-93D5-4877-A726-32E5BAFAF812"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*","matchCriteriaId":"863C456D-EE60-49F8-AFB0-795EA29CD93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*","matchCriteriaId":"16991CD6-A32F-4891-B6B6-41D050FC1412"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*","matchCriteriaId":"444F1581-0CD5-40B9-8C9E-0E428E6D75C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*","matchCriteriaId":"3270ADFF-27F5-4972-AB44-FA2882486B16"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*","matchCriteriaId":"0368C678-72A4-4F48-B31D-77A6BDAAC4DE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101865","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039813","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039814","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039815","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039816","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039817","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039818","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039819","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039820","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/101865","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039813","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039814","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039817","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039818","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039820","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}