CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
52.1%
A vulnerability in the web framework of multiple Cisco
TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of
the root user.
The vulnerability is due to insufficient input
validation. An attacker could exploit this vulnerability by
authenticating to the device and submitting crafted input to the
affected parameter in a web page. Administrative privileges are required
in order to access the affected parameter. A successful exploit could allow an
attacker
to execute system commands with the privileges of the root user.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_server_software | any | cpe:2.3:a:cisco:telepresence_server_software:any:*:*:*:*:*:*:* |
cisco | telepresence_mcu_software | any | cpe:2.3:a:cisco:telepresence_mcu_software:any:*:*:*:*:*:*:* |
cisco | telepresence_supervisor_mse_8050_software | any | cpe:2.3:a:cisco:telepresence_supervisor_mse_8050_software:any:*:*:*:*:*:*:* |
cisco | telepresence_isdn_gw_3241 | any | cpe:2.3:a:cisco:telepresence_isdn_gw_3241:any:*:*:*:*:*:*:* |
cisco | telepresence_advanced_media_gateway | any | cpe:2.3:a:cisco:telepresence_advanced_media_gateway:any:*:*:*:*:*:*:* |
cisco | telepresence_ip_gateway | any | cpe:2.3:a:cisco:telepresence_ip_gateway:any:*:*:*:*:*:*:* |
cisco | telepresence_serial_gateway | any | cpe:2.3:a:cisco:telepresence_serial_gateway:any:*:*:*:*:*:*:* |
cisco | telepresence_ip_vcr_2.4 | any | cpe:2.3:a:cisco:telepresence_ip_vcr_2.4:any:*:*:*:*:*:*:* |
cisco | telepresence_supervisor_mse_8050 | 8050_software | cpe:2.3:h:cisco:telepresence_supervisor_mse_8050:8050_software:*:*:*:*:*:*:* |
cisco | telepresence_isdn_gw_3241 | 3241 | cpe:2.3:a:cisco:telepresence_isdn_gw_3241:3241:*:*:*:*:*:*:* |