Medium severity4.4NVD Advisory· Published Nov 16, 2017· Updated May 13, 2026

CVE-2017-12306

Description

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502.

Affected products

Cisco Systems, Inc./Conference Director
cpe:2.3:a:cisco:conference_director:2017-08-15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101914nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-sparknvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000