Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices |
Informations | |||
---|---|---|---|
Name | cisco-sa-20120711-cts | First vendor Publication | 2012-07-11 |
Vendor | Cisco | Last vendor Modification | 2012-07-11 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco TelePresence Endpoint devices contain the following vulnerabilities: Cisco TelePresence API Remote Command Execution Vulnerability Cisco TelePresence Remote Command Execution Vulnerability Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAk/9lu0ACgkQUddfH3/BbTqlngD/QXo0Y0ds6xqOEA9HjbtVmqCB u3xsHxnWro9ApV48wVoA/RTrZe8zBeFxEHss91AYC3bYXbTGltCP91audYSv6LUc =PjIb END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-07-19 | IAVM : 2012-B-0070 - Multiple Vulnerabilities in Cisco TelePresence Severity : Category I - VMSKEY : V0033371 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-20 | Name : The remote host is missing a vendor-supplied security patch. File : cisco-sa-20120711-ctms.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-11-11 12:37:30 |
|
2013-02-06 19:08:00 |
|