'Critical' Flaw in Cisco Collab Server
Users at risk of malicious file upload and code execution.
A "highly critical" vulnerability in Cisco's
flagship Collaboration Server could put users at risk of malicious code
execution, the company said in an advisory.
Cisco, which dominates the market for switching and routing equipment used to link networks, said the vulnerability was found in versions of its Cisco Collaboration Server (CCS) that ship with the ServletExec subcomponent.
"Unauthorized users can upload any file and gain administrative privileges," Cisco warned in the advisory posted online.
The vulnerability affects CCS (prior to 5.0) using a ServletExec version prior to 3.0E. Independent research firm Secunia has tagged the flaw with a "highly critical" rating because it can be exploited to gain system access from remote locations.
The Cisco Collaboration Server is used mostly in e-commerce settings to
provide electronic CRM
The CCS can also be used to handle online collaboration features like two-way Web-page sharing, Follow-Me browsing, form sharing and real-time application sharing.