|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists in the access control that the product installer sets on the product's binaries. This allows any local user to replace the product's binaries with malicious replacements. An attacker can leverage this vulnerability to escalate privileges to the level of some other user of the system, such as an administrator.
Cisco has issued an update to correct this vulnerability. More details can be found at:
This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
02/07/18 - ZDI reported vulnerability to Vendor
|CREDIT||Simon Zuckerbraun of Trend Micro Zero Day Initiative