CVE-2017-6794

Name of the Vulnerable Software and Affected Versions Cisco Meeting Server versions prior to and including 2.2

Description A vulnerability in the CLI command-parsing code could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The issue is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this by submitting a crafted CLI command for execution at the Cisco Meeting Server CLI, potentially allowing them to perform command injection and escalate their privilege level to root.

Recommendations For versions prior to and including 2.2, update to a version later than 2.2 to resolve the issue. As a temporary workaround, consider restricting access to the CLI and ensuring that only trusted administrators have access to the application.