Executive Summary
Summary | |
---|---|
Title | Command Injection Vulnerability in Multiple Cisco TelePresence Products |
Informations | |||
---|---|---|---|
Name | cisco-sa-20150513-tp | First vendor Publication | 2015-05-13 |
Vendor | Cisco | Last vendor Modification | 2015-05-13 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVU3TLAAoJEIpI1I6i1Mx3jecP/3kHeHdA/61g2gSFRTRQf2xL uIwAlCtJvxc7t7Wojrvo575D0Fn0QKXAlONaNkbLJ4g2NPrt+cTUejjFf1HbtEPL 9jUeiDbxS0b6ieIr/B9w8GXuVRSkPoxWNokWDWgog8hs5AZdp+b8pdK80K+SG3wP SZd8yUbY+t6zRYDw3i1ZnVUeE72rpfzO2KpauoHjyuWHi6NcfQeZr1ZfNAeLaq23 t041gPynTUuyM95Wz0QWQhUXAVNaDHcHdNZ3Gg31lBxS2r9Phmm5OgJ9aVx129rm 2LO9aQLFL+v0shwY6LSo/3GzUWtZmbn/SzsXHb7vyfPzBwfv+E8enkZj2QCA+7Ob A9e9t3rInTKsQMm+gGjW0n6usOpvCXZuK8LmRWGSTmpFJ6DkS7mulN7bILzmUeLL 5tl6Ef56tM9Li4lVMzfxPNypMOj5Bntv1Pam87uXFR1ND0g/+6XMHg2E0TLi/E1K hu1Nuiy6ofBNSewN/Ql6WTDGi2yKviJRrCNaCDKA2pQN5uZNmZS3giSxHqxIFOd/ n3rhhm9Ju8qr6SADJK3cg6r5A4/OU/axzlVzvgFl1dgGSi2VYaBu9uKvw/9DyosE dM7UbaCCey8cB0obaQl87B7gSo90zZVp4q6J1Yx5BrB1gS9iEV/VSfItydGO1jBL xAPKB9ZcTaUxE/dZhoLl =obwP END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-05-21 | IAVM : 2015-A-0117 - Multiple Vulnerabilities in Cisco Telepresence Products Severity : Category I - VMSKEY : V0060745 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco TelePresence command injection attempt RuleID : 47681 - Revision : 1 - Type : SERVER-WEBAPP |
2020-12-05 | Cisco TelePresence command injection attempt RuleID : 47680 - Revision : 1 - Type : SERVER-WEBAPP |
2020-12-05 | Cisco TelePresence command injection attempt RuleID : 47679 - Revision : 1 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-21 | Name : The remote device is affected by a command injection vulnerability. File : cisco-sa-20150513-tp-isdngw.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote device is affected by a command injection vulnerability. File : cisco_telepresence_ip_vcr_sa_20150513_tp.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote device is affected by a command injection vulnerability. File : cisco_telepresence_mcu_sa_20150513_tp.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote device is affected by a command injection vulnerability. File : cisco_telepresence_mse_sa-20150513-tp.nasl - Type : ACT_GATHER_INFO |
2015-05-21 | Name : The remote host is affected by command injection vulnerability. File : cisco_telepresence_server_sa_20150513_tp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2015-10-18 17:22:09 |
|
2015-05-26 21:30:11 |
|
2015-05-22 13:29:16 |
|
2015-05-13 21:25:56 |
|