This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Cisco
Product: Telepresence System Software
Version: 1.6.2
Type: Application
First view: 2011-02-25
Last view: 2014-05-25
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:cisco:telepresence_system_software

Activity : Overall

Related : CVE

Score Date Alert Description
4.3 2014-05-25 CVE-2014-3274

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.

8.3 2014-01-22 CVE-2014-0661

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

10 2013-08-08 CVE-2013-3454

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.

9 2012-07-12 CVE-2012-3075

The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.

8.3 2012-07-12 CVE-2012-3074

An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.

7.8 2012-07-12 CVE-2012-3073

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.

8.3 2012-07-12 CVE-2012-2486

The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.

7.9 2011-02-25 CVE-2011-0379

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.

7.8 2011-02-25 CVE-2011-0377

Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605.

9 2011-02-25 CVE-2011-0375

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.

CWE : Common Weakness Enumeration

% id Name
33% (3) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
22% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
11% (1) CWE-399 Resource Management Errors
11% (1) CWE-310 Cryptographic Issues
11% (1) CWE-255 Credentials Management
11% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
72594 Cisco Multiple Products Crafted Cisco Discovery Protocol (CDP) Packet Handlin...
72592 Cisco TelePresence Spoofed SOAP / Manager Request Remote DoS
72590 Cisco TelePresence CGI Implementation Authenticated Malformed Request Arbitra...

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0016 Cisco TelePresence System Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0043847
2012-B-0070 Multiple Vulnerabilities in Cisco TelePresence
Severity: Category I - VMSKEY: V0033371

Nessus® Vulnerability Scanner

id Description
2014-01-28 Name: The remote device may be affected by a command execution vulnerability.
File: cisco-sa-20140122-cts.nasl - Type: ACT_GATHER_INFO
2013-09-20 Name: The remote host is missing a vendor-supplied security patch.
File: cisco-sa-20120711-ctms.nasl - Type: ACT_GATHER_INFO
2012-07-27 Name: The videoconferencing switch running on the remote host is affected by multip...
File: cisco_tms_web_1_7_0.nasl - Type: ACT_GATHER_INFO