CVE-2017-12306

Published: Nov 16, 2017Modified: May 13, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502.

Affected (1)

Products: Cisco: Conference Director

1 product

Conference Director

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Conference Director	Version 2017-08-15

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (4)

http://www.securityfocus.com/bid/101914

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/101914

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.