Cisco TelePresence System Software Command Execution Vulnerability

2014-01-22T16:00:00
ID CISCO-SA-20140122-CTS
Type cisco
Reporter Cisco
Modified 2014-01-22T15:57:37

Description

A vulnerability in the System Status Collection Daemon (SSCD) code could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

The vulnerability is due to improper validation of parameters passed to the SSCD code via an XML remote procedure call (XML-RPC). An attacker could exploit this vulnerability by sending crafted XML-RPC messages. An exploit could allow the attacker to execute arbitrary calls via stack corruption with the privileges of the root user.

Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts