[c-nsp] Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Nov 4 11:07:40 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Mobility Services Engine Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20151104-privmse

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the installation procedure of the Cisco Mobility Services 
Engine (MSE) appliance could allow an authenticated, local attacker to escalate
to the root level.

The vulnerability is due to incorrect installation and permissions settings on 
binary files during the MSE physical or virtual appliance install procedure. 
An attacker could exploit this vulnerability by logging into the device and 
escalating their privileges. A successful exploit could allow the attacker to 
acquire root-level privileges and take full control of the device.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that mitigate this vulnerability. 

This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVjU+z4pI1I6i1Mx3AQLKVQ/+NHVg7BVSp9DqjQq6vnGkIaXMMbYmhPSY
TGhJPy4EWX/8qYvb3Y6Ag+mKs3+xZsxT1zS7HpTtbQ5uRlz4MJp11LB7Nh1KFQ9k
nMNlmPj9ulTYbfCAb3aaEAkHZXgt9vQBT47lzvW1/ytRsfXft+jiOL7+PS77UND1
clJ4Uc7WLupqzPz34hHGkhSlj/HL1/Kc6ojWvVAFNSVA1Qlefnuo3wX/dRD6cTSV
oJwTOVZoMCuOBdVZls1cNAABy54uOVzuOOzYoZ1bPKk3wZgMjQb8dfK7ue31ROp8
IGgdN1DLS0yNy/wF3RyW9rCDr/F/zeit+XzEzuVLRTqf/g1vqVODo5F5IT8Io92t
rdVN/ffgdHEJkLLtBHTSSOc9KzBadibJwf425ZKiYffOewQCQ9ErdBPvUgRO9vhY
3IZEK+OhmbW3t4BdOot2ofNXJex4KM1pICICEtLYY2vdigaYkcIM6NrIiSaxsrBk
ntR2ZSx/87qjqfCqiimMAqmFTnPwl8MxbY9cd7rJIx39dky6QTtPZGzNb0dpvie0
jbFQDO+HA61MLs/S2GHGjjwICXwJ6nox8bv6sFC3GI2y1RqXYCX+faMYCWauG/DZ
zQZVj7v1dvOykvHqIj/eyyUzCeps2ERZEJ+OPg6i6DWjIC52cM7xlqcmXj5Jp1ql
UzWQnbxVuWg=
=sDqr
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list