Lucene search

CiscoCISCO-SA-20140122-CTS

HistoryJan 22, 2014 - 4:00 p.m.

Cisco TelePresence System Software Command Execution Vulnerability

2014-01-2216:00:00

tools.cisco.com

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.5%

JSON

Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts”]

Affected configurations

Vulners

Node

ciscotelepresence_system_softwareMatchany

CPENameOperatorVersion
cisco telepresence system softwareeqany
cisco telepresence system softwareeqany

CPE	Name	Operator	Version
	cisco telepresence system software	eq	any
	cisco telepresence system software	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CISCO-SA-20140122-CTS