CVE-2017-6667

Name of the Vulnerable Software and Affected Versions Cisco Context Service software development kit (SDK) version 2.0

Description A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. The issue is due to insufficient input validation in the update mechanism.

Recommendations For version 2.0, update the software to a version that addresses the issue, as the current version is affected by the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.