Vulnerability CVE-2014-0661
Published: 2014-01-22   Modified: 2014-01-23

Description:
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco TelePresence System Software Command Execution Vulnerability
CISCO
22.01.2014

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.3/10
10/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Telepresence system software 
Cisco -> Telepresence system 1000 
Cisco -> Telepresence system 1100 
Cisco -> Telepresence system 1300-65 
Cisco -> Telepresence system 3000 
Cisco -> Telepresence system 3010 
Cisco -> Telepresence system 3200 
Cisco -> Telepresence system 3210 
Cisco -> Telepresence system 500-32 
Cisco -> Telepresence system 500-37 
Cisco -> Telepresence system tx1300 47 
Cisco -> Telepresence system tx1310 65 
Cisco -> Telepresence system tx9000 
Cisco -> Telepresence system tx9200 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
http://www.securityfocus.com/bid/65071
http://www.securitytracker.com/id/1029656
http://xforce.iss.net/xforce/xfdb/90624
Copyright 2024, cxsecurity.com

 

Back to Top