Signature Verification Bypass in Cisco Spark Board
CVE-2017-12306

4.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Spark Board
Vendor: CVE Published:; 16 November 2017

Summary

A vulnerability exists in the upgrade process of Cisco Spark Board, which could allow an authenticated local attacker to install unverified upgrade packages. This issue arises from insufficient validation of upgrade packages, enabling an attacker to provide a malicious package and potentially install custom firmware on the device. This poses significant risks to the integrity of the hardware and software environment of the Spark Board.

Affected Version(s)

Cisco Spark Board Cisco Spark Board

References

http://www.securityfocus.com/bid/101914

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2017
Vulnerability Reserved
Aug 3, 2017