ID CISCO-SA-20150513-TCType ciscoReporter CiscoModified 2015-05-13T16:00:00
Description
Cisco TelePresence TC and TE Software contains the following vulnerabilities:
Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability
Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability
Successful exploitation of the Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability could allow an attacker to bypass
system authentication and access the device with the privileges of the root user.
Successful
exploitation of the Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability could allow an attacker to
restart several processes and possibly trigger a reload of the
affected system.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc"]
{"id": "CISCO-SA-20150513-TC", "vendorId": null, "type": "cisco", "bulletinFamily": "software", "title": "Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", "description": "Cisco TelePresence TC and TE Software contains the following vulnerabilities:\n\n Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability\n Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability \n\nSuccessful exploitation of the Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability could allow an attacker to bypass\nsystem authentication and access the device with the privileges of the root user.\n\nSuccessful\nexploitation of the Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability could allow an attacker to\nrestart several processes and possibly trigger a reload of the\naffected system.\n\nCisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc\"]", "published": "2015-05-13T16:00:00", "modified": "2015-05-13T16:00:00", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc", "reporter": "Cisco", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc"], "cvelist": ["CVE-2014-2174", "CVE-2015-0722"], "immutableFields": [], "lastseen": "2022-03-12T03:50:59", "viewCount": 6, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2174", "CVE-2015-0722"]}, {"type": "nessus", "idList": ["CISCO_TELEPRESENCE_SA_20150513_TC.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14495"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-2174"]}]}, "exploitation": null, "vulnersScore": 7.4}, "_state": {"dependencies": 1647589307, "score": 0}, "_internal": {}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "cisco telepresence tc software"}, {"version": "any", "operator": "eq", "name": "cisco telepresence te software"}, {"version": "any", "operator": "eq", "name": "cisco telepresence tc software"}, {"version": "any", "operator": "eq", "name": "cisco telepresence te software"}], "vendorCvss": {"score": "8.3", "severity": "high"}}
{"nessus": [{"lastseen": "2021-08-19T12:45:47", "description": "The version of Cisco TelePresence TC or TE software running on the remote device is affected by one or more of the following vulnerabilities :\n\n - A implementation flaw exists in the authentication and authorization controls for internal services. An unauthenticated attacker, within the broadcast or collision domains, or who has physical access to the device, can exploit this flaw to bypass authentication and obtain root access to the system by connecting to the affected service. (CVE-2014-2174)\n\n - A flaw exists due to insufficient implementation of flood controls in the network drivers. A remote, unauthenticated attacker, by rapidly sending crafted IP packets to the device, can exploit this to cause processes to restart, potentially leading to a reload of the affected system and a denial of service.\n (CVE-2015-0722)", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "Cisco TelePresence TC and TE Software Multiple Vulnerabilities (cisco-sa-20150513-tc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2174", "CVE-2015-0722"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:cisco:telepresence_tc_software", "cpe:/a:cisco:telepresence_te_software"], "id": "CISCO_TELEPRESENCE_SA_20150513_TC.NASL", "href": "https://www.tenable.com/plugins/nessus/83731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83731);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2014-2174\", \"CVE-2015-0722\");\n script_bugtraq_id(74636, 74639);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuj68952\");\n script_xref(name:\"IAVA\", value:\"2015-A-0117\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCub67651\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150513-tc\");\n\n script_name(english:\"Cisco TelePresence TC and TE Software Multiple Vulnerabilities (cisco-sa-20150513-tc)\");\n script_summary(english:\"Checks the software version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco TelePresence TC or TE software running on the\nremote device is affected by one or more of the following\nvulnerabilities :\n\n - A implementation flaw exists in the authentication and\n authorization controls for internal services. An\n unauthenticated attacker, within the broadcast or\n collision domains, or who has physical access to the\n device, can exploit this flaw to bypass authentication\n and obtain root access to the system by connecting to\n the affected service. (CVE-2014-2174)\n\n - A flaw exists due to insufficient implementation of\n flood controls in the network drivers. A remote,\n unauthenticated attacker, by rapidly sending crafted\n IP packets to the device, can exploit this to cause\n processes to restart, potentially leading to a reload\n of the affected system and a denial of service.\n (CVE-2015-0722)\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ddf139f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=38719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=38718\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant Cisco TelePresence TC or TE software version\nreferenced in Cisco Security Advisory cisco-sa-20150513-tc.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_tc_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_te_software\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_telepresence_mcu_detect.nasl\");\n script_require_keys(\"Cisco/TelePresence_MCU/Device\", \"Cisco/TelePresence_MCU/Version\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Cisco TelePresence TC or TE software\";\ndevice = get_kb_item_or_exit(\"Cisco/TelePresence_MCU/Device\");\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_MCU/Version\");\n\nmatch = eregmatch(pattern: \"^(T[CE])(\\d+(?:\\.\\d+)*)\", string:version);\nif (isnull(match)) audit(AUDIT_UNKNOWN_APP_VER, app_name);\n\napp_name = \"Cisco TelePresence \" + match[1];\nver = match[2];\nfix = \"7.3.2\"; # 7.3.2 addresses both issues\n\n# T Series device have no fix available\nif (device =~ \" T1($|[ \\n\\r])\" || device =~ \" T3($|[ \\n\\r])\")\n fix = \"See vendor advisory.\";\nelse if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, app_name, ver);\n\nport = 0;\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-0722", "CVE-2014-2174", "CVE-2015-0713"], "description": "Code execution, authentication bypass, DoS.", "edition": 1, "modified": "2015-05-17T00:00:00", "published": "2015-05-17T00:00:00", "id": "SECURITYVULNS:VULN:14495", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14495", "title": "Cisco Telepresence security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T11:43:50", "description": "The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.", "cvss3": {}, "published": "2015-05-25T00:59:00", "type": "cve", "title": "CVE-2015-0722", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0722"], "modified": "2015-05-26T17:40:00", "cpe": ["cpe:/a:cisco:telepresence_tc_software:7.1.4", "cpe:/a:cisco:telepresence_tc_software:6.0.3", "cpe:/a:cisco:telepresence_tc_software:5.1.3", "cpe:/a:cisco:telepresence_tc_software:6.3.0", "cpe:/a:cisco:telepresence_te_software:6.0.1", "cpe:/a:cisco:telepresence_tc_software:4.1.0", "cpe:/a:cisco:telepresence_tc_software:7.1.0", "cpe:/a:cisco:telepresence_tc_software:6.1.3", "cpe:/a:cisco:telepresence_tc_software:4.2.3", "cpe:/a:cisco:telepresence_tc_software:6.3.4", "cpe:/a:cisco:telepresence_tc_software:6.1.2", "cpe:/a:cisco:telepresence_tc_software:3.1.5", "cpe:/a:cisco:telepresence_tc_software:6.0.0-cucm", "cpe:/a:cisco:telepresence_tc_software:4.1.2", "cpe:/a:cisco:telepresence_tc_software:7.1.1", "cpe:/a:cisco:telepresence_tc_software:6.1.1-cucm", "cpe:/a:cisco:telepresence_tc_software:4.2_base", "cpe:/a:cisco:telepresence_tc_software:4.2.0", "cpe:/a:cisco:telepresence_tc_software:5.1.4", "cpe:/a:cisco:telepresence_tc_software:4.1_base", "cpe:/a:cisco:telepresence_tc_software:6.0.0", "cpe:/a:cisco:telepresence_tc_software:5.1.5-cucm", "cpe:/a:cisco:telepresence_tc_software:6.1.0", "cpe:/a:cisco:telepresence_tc_software:4.2.1", "cpe:/a:cisco:telepresence_tc_software:5.1.6-cucm", "cpe:/a:cisco:telepresence_tc_software:5.1.4-cucm", "cpe:/a:cisco:telepresence_tc_software:3.1_base", "cpe:/a:cisco:telepresence_tc_software:4.2.4", "cpe:/a:cisco:telepresence_tc_software:5.0.2", "cpe:/a:cisco:telepresence_tc_software:7.3.1", "cpe:/a:cisco:telepresence_tc_software:6.3.2", "cpe:/a:cisco:telepresence_tc_software:7.1.3", "cpe:/a:cisco:telepresence_te_software:6.0.2", "cpe:/a:cisco:telepresence_tc_software:6.1.4", "cpe:/a:cisco:telepresence_tc_software:5.1.3-cucm", "cpe:/a:cisco:telepresence_tc_software:5.1.7-cucm", "cpe:/a:cisco:telepresence_tc_software:7.3.0", "cpe:/a:cisco:telepresence_tc_software:5.1_base", "cpe:/a:cisco:telepresence_tc_software:6.0.2", "cpe:/a:cisco:telepresence_tc_software:5.1.6", "cpe:/a:cisco:telepresence_tc_software:6.3.3", "cpe:/a:cisco:telepresence_tc_software:4.2.2", "cpe:/a:cisco:telepresence_tc_software:6.0.1", "cpe:/a:cisco:telepresence_tc_software:6.1.2-cucm", "cpe:/a:cisco:telepresence_te_software:6.0_base", "cpe:/a:cisco:telepresence_tc_software:6.0_base", "cpe:/a:cisco:telepresence_tc_software:5.0_base", "cpe:/a:cisco:telepresence_tc_software:5.0.2-cucm", "cpe:/a:cisco:telepresence_tc_software:7.2.1", "cpe:/a:cisco:telepresence_tc_software:7.1.2", "cpe:/a:cisco:telepresence_tc_software:4.1.1", "cpe:/a:cisco:telepresence_tc_software:5.1.5", "cpe:/a:cisco:telepresence_tc_software:6.3.1", "cpe:/a:cisco:telepresence_tc_software:6.0.1-cucm", "cpe:/a:cisco:telepresence_tc_software:6.1.1", "cpe:/a:cisco:telepresence_tc_software:7.2.0", "cpe:/a:cisco:telepresence_te_software:6.0.0", "cpe:/a:cisco:telepresence_tc_software:6.1_base", "cpe:/a:cisco:telepresence_tc_software:6.1.0-cucm", "cpe:/a:cisco:telepresence_tc_software:5.1.7"], "id": "CVE-2015-0722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0722", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:telepresence_tc_software:5.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:3.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.0-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:33:02", "description": "Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.", "cvss3": {}, "published": "2015-05-25T00:59:00", "type": "cve", "title": "CVE-2014-2174", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2174"], "modified": "2015-05-26T17:54:00", "cpe": ["cpe:/a:cisco:telepresence_tc_software:6.0.0", "cpe:/a:cisco:telepresence_tc_software:5.1.6-cucm", "cpe:/a:cisco:telepresence_tc_software:6.1.2", "cpe:/a:cisco:telepresence_tc_software:4.1_base", "cpe:/a:cisco:telepresence_tc_software:4.2.3", "cpe:/a:cisco:telepresence_tc_software:5.0.2", "cpe:/a:cisco:telepresence_te_software:6.0_base", "cpe:/a:cisco:telepresence_tc_software:6.1_base", "cpe:/a:cisco:telepresence_tc_software:4.1.2", "cpe:/a:cisco:telepresence_te_software:6.0.1", "cpe:/a:cisco:telepresence_tc_software:3.1_base", "cpe:/a:cisco:telepresence_te_software:6.0.2", "cpe:/a:cisco:telepresence_tc_software:4.2.0", "cpe:/a:cisco:telepresence_tc_software:5.1.4-cucm", "cpe:/a:cisco:telepresence_tc_software:4.2.1", "cpe:/a:cisco:telepresence_tc_software:6.3.0", "cpe:/a:cisco:telepresence_tc_software:4.1.1", "cpe:/a:cisco:telepresence_tc_software:5.1.6", "cpe:/a:cisco:telepresence_tc_software:5.1.3", "cpe:/a:cisco:telepresence_tc_software:6.1.0-cucm", "cpe:/a:cisco:telepresence_tc_software:5.1.3-cucm", "cpe:/a:cisco:telepresence_tc_software:6.1.1", "cpe:/a:cisco:telepresence_tc_software:6.1.1-cucm", "cpe:/a:cisco:telepresence_tc_software:4.2.4", "cpe:/a:cisco:telepresence_tc_software:6.0.2", "cpe:/a:cisco:telepresence_tc_software:6.1.2-cucm", "cpe:/a:cisco:telepresence_tc_software:4.2.2", "cpe:/a:cisco:telepresence_tc_software:5.1_base", "cpe:/a:cisco:telepresence_tc_software:4.2_base", "cpe:/a:cisco:telepresence_tc_software:4.1.0", "cpe:/a:cisco:telepresence_tc_software:6.0.1-cucm", "cpe:/a:cisco:telepresence_tc_software:5.0_base", "cpe:/a:cisco:telepresence_tc_software:5.1.7-cucm", "cpe:/a:cisco:telepresence_tc_software:5.1.4", "cpe:/a:cisco:telepresence_tc_software:5.1.5-cucm", "cpe:/a:cisco:telepresence_tc_software:5.0.2-cucm", "cpe:/a:cisco:telepresence_te_software:6.0.0", "cpe:/a:cisco:telepresence_tc_software:3.1.5", "cpe:/a:cisco:telepresence_tc_software:5.1.7", "cpe:/a:cisco:telepresence_tc_software:6.0.1", "cpe:/a:cisco:telepresence_tc_software:5.1.5", "cpe:/a:cisco:telepresence_tc_software:6.0_base", "cpe:/a:cisco:telepresence_tc_software:6.0.0-cucm", "cpe:/a:cisco:telepresence_tc_software:6.1.0"], "id": "CVE-2014-2174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2174", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:cisco:telepresence_tc_software:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.0-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.5-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.4-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.7-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:3.1_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.0-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_te_software:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:6.1.2-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.0_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.6-cucm:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_tc_software:5.1.3:*:*:*:*:*:*:*"]}]}
