Cisco TelePresence System Software Command Execution Vulnerability

2014.01.22
Credit: CISCO
Risk: High
Local: No
Remote: Yes
CVE: CVE-2014-0661
CWE: N/A


Ogólna skala CVSS: 8.3/10
Znaczenie: 10/10
Łatwość wykorzystania: 6.5/10
Wymagany dostęp: Sieć lokalna
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability Advisory ID: cisco-sa-20140122-cts Revision 1.0 For Public Release 2014 January 22 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released free software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts

Referencje:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
http://seclists.org/fulldisclosure/2014/Jan/148


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top