'Critical' Flaw in Cisco Collab Server
Users at risk of malicious file upload and code execution.
A "highly critical" vulnerability in Cisco's
flagship Collaboration Server could put users at risk of malicious code
execution, the company said in an advisory.
Cisco, which dominates the market for switching and routing equipment used to link networks, said the vulnerability was found in versions of its Cisco Collaboration Server (CCS) that ship with the ServletExec subcomponent.
"Unauthorized users can upload any file and gain administrative privileges," Cisco warned in the advisory posted online.
The Cisco Collaboration Server is used mostly in e-commerce settings to
provide electronic CRM
The CCS can also be used to handle online collaboration features like two-way Web-page sharing, Follow-Me browsing, form sharing and real-time application sharing.