The company explained that in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently left an internal exploit for the Dirty COW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability. This issue affects versions X8.9 to X8.11.3. All affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images.
