-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Mobility Services Engine Privilege Escalation Vulnerability Advisory ID: cisco-sa-20151104-privmse Revision 1.0 For Public Release 2015 November 4 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or virtual appliance install procedure. An attacker could exploit this vulnerability by logging into the device and escalating their privileges. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVjU+z4pI1I6i1Mx3AQLKVQ/+NHVg7BVSp9DqjQq6vnGkIaXMMbYmhPSY TGhJPy4EWX/8qYvb3Y6Ag+mKs3+xZsxT1zS7HpTtbQ5uRlz4MJp11LB7Nh1KFQ9k nMNlmPj9ulTYbfCAb3aaEAkHZXgt9vQBT47lzvW1/ytRsfXft+jiOL7+PS77UND1 clJ4Uc7WLupqzPz34hHGkhSlj/HL1/Kc6ojWvVAFNSVA1Qlefnuo3wX/dRD6cTSV oJwTOVZoMCuOBdVZls1cNAABy54uOVzuOOzYoZ1bPKk3wZgMjQb8dfK7ue31ROp8 IGgdN1DLS0yNy/wF3RyW9rCDr/F/zeit+XzEzuVLRTqf/g1vqVODo5F5IT8Io92t rdVN/ffgdHEJkLLtBHTSSOc9KzBadibJwf425ZKiYffOewQCQ9ErdBPvUgRO9vhY 3IZEK+OhmbW3t4BdOot2ofNXJex4KM1pICICEtLYY2vdigaYkcIM6NrIiSaxsrBk ntR2ZSx/87qjqfCqiimMAqmFTnPwl8MxbY9cd7rJIx39dky6QTtPZGzNb0dpvie0 jbFQDO+HA61MLs/S2GHGjjwICXwJ6nox8bv6sFC3GI2y1RqXYCX+faMYCWauG/DZ zQZVj7v1dvOykvHqIj/eyyUzCeps2ERZEJ+OPg6i6DWjIC52cM7xlqcmXj5Jp1ql UzWQnbxVuWg= =sDqr -----END PGP SIGNATURE-----
