Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices |
Information | |||
---|---|---|---|
Name | cisco-sa-20110223-telepresence-cts | First vendor Publication | 2010-11-23 |
Vendor | Cisco | Last vendor Modification | 2011-02-23 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple vulnerabilities exist in the Cisco TelePresence solution; each component of the solution is addressed independently in its own advisory. This advisory addresses Cisco TelePresence endpoint devices and details the following vulnerabilities:

* Unauthenticated Common Gateway Interface (CGI) Access

Duplicate Issue Identification in Other Cisco TelePresence Advisories

The Cisco Discovery Protocol Remote Code Execution vulnerability affects Cisco TelePresence endpoint devices, Manager, Multipoint Switch, and Recording Server. The defect that is related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence endpoint devices (CSCtd75754)
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
62 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-200 | Information Exposure |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72594 | Cisco Multiple Products Crafted Cisco Discovery Protocol (CDP) Packet Handlin... |
72593 | Cisco TelePresence TFTP Implementation GET Request Unspecified Information Di... |
72592 | Cisco TelePresence Spoofed SOAP / Manager Request Remote DoS |
72591 | Cisco TelePresence XML-RPC Implementation Unspecified Remote Command Injection |
72590 | Cisco TelePresence CGI Implementation Authenticated Malformed Request Arbitra... |
72589 | Cisco TelePresence CGI Implementation Authenticated Malformed Request Arbitra... |
72588 | Cisco TelePresence CGI Implementation Authenticated Malformed Request Arbitra... |
72587 | Cisco TelePresence CGI Implementation Unspecified Remote Command Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-07-27 | Name : The videoconferencing switch running on the remote host is affected by multip... File : cisco_tms_web_1_7_0.nasl - Type : ACT_GATHER_INFO |