A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2017-11-16T07:00:00
Updated: 2024-08-05T18:36:54.514Z
Reserved: 2017-08-03T00:00:00
Link: CVE-2017-12306
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-11-16T07:29:00.540
Modified: 2024-11-21T03:09:16.450
Link: CVE-2017-12306
Redhat
No data.