all InfoSec news
A Vulnerability in Cisco Emergency Responder Could Allow for Arbitrary Code Execution
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability has been discovered in Cisco Emergency Responder that could allow for arbitrary code execution on a targeted host. Successful exploitation could allow an unauthenticated remote attacker to log in to the affected system using the root account and execute arbitrary commands. Cisco Emergency Responder is used to enhance the existing emergency 9-1-1 functionality offered by Cisco Unified Communications Manager. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; …
account arbitrary code attacker cisco cisco emergency responder code code execution emergency exploitation host log responder root system unauthenticated vulnerability