9 - cisco-sa-20150513-tp

A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVU3TLAAoJEIpI1I6i1Mx3jecP/3kHeHdA/61g2gSFRTRQf2xL uIwAlCtJvxc7t7Wojrvo575D0Fn0QKXAlONaNkbLJ4g2NPrt+cTUejjFf1HbtEPL 9jUeiDbxS0b6ieIr/B9w8GXuVRSkPoxWNokWDWgog8hs5AZdp+b8pdK80K+SG3wP SZd8yUbY+t6zRYDw3i1ZnVUeE72rpfzO2KpauoHjyuWHi6NcfQeZr1ZfNAeLaq23 t041gPynTUuyM95Wz0QWQhUXAVNaDHcHdNZ3Gg31lBxS2r9Phmm5OgJ9aVx129rm 2LO9aQLFL+v0shwY6LSo/3GzUWtZmbn/SzsXHb7vyfPzBwfv+E8enkZj2QCA+7Ob A9e9t3rInTKsQMm+gGjW0n6usOpvCXZuK8LmRWGSTmpFJ6DkS7mulN7bILzmUeLL 5tl6Ef56tM9Li4lVMzfxPNypMOj5Bntv1Pam87uXFR1ND0g/+6XMHg2E0TLi/E1K hu1Nuiy6ofBNSewN/Ql6WTDGi2yKviJRrCNaCDKA2pQN5uZNmZS3giSxHqxIFOd/ n3rhhm9Ju8qr6SADJK3cg6r5A4/OU/axzlVzvgFl1dgGSi2VYaBu9uKvw/9DyosE dM7UbaCCey8cB0obaQl87B7gSo90zZVp4q6J1Yx5BrB1gS9iEV/VSfItydGO1jBL xAPKB9ZcTaUxE/dZhoLl =obwP END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com