Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Multiple Vulnerabilities in Cisco TelePresence Recording Server
Informations
Name cisco-sa-20120711-ctrs First vendor Publication 2012-07-11
Vendor Cisco Last vendor Modification 2012-07-11
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco TelePresence Recording Server contains the following vulnerabilities:

Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability Cisco TelePresence Web Interface Command Injection Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.

There are no workarounds that mitigate these vulnerabilities.

Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAk/9izAACgkQUddfH3/BbTpgpwD/TQOz5H0BG4ogU7mv8ZnqT69E bgkxiXeO+2F8ogOPR/gA/iVsXNVK3OOeTYTZx5VCTqjGdtn/QRPNjUFyv5vu/OOH =wEHe END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-94 Failure to Control Generation of Code ('Code Injection')
50 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 42
Application 1
Application 68
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 2
Hardware 1
Hardware 1
Hardware 1
Hardware 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-07-19 IAVM : 2012-B-0070 - Multiple Vulnerabilities in Cisco TelePresence
Severity : Category I - VMSKEY : V0033371

Nessus® Vulnerability Scanner

Date Description
2013-09-20 Name : The remote host is missing a vendor-supplied security patch.
File : cisco-sa-20120711-ctms.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-11-11 12:37:30
  • Multiple Updates
2013-02-06 19:08:00
  • Multiple Updates