{"cve": [{"lastseen": "2018-11-01T05:13:46", "bulletinFamily": "NVD", "description": "The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.", "modified": "2018-10-30T12:26:48", "published": "2012-07-12T06:34:42", "id": "CVE-2012-2486", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2486", "title": "CVE-2012-2486", "type": "cve", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:13:47", "bulletinFamily": "NVD", "description": "The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.", "modified": "2018-10-30T12:26:48", "published": "2012-07-12T06:34:42", "id": "CVE-2012-3073", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3073", "title": "CVE-2012-3073", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T16:45:26", "bulletinFamily": "NVD", "description": "The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.", "modified": "2012-07-12T00:00:00", "published": "2012-07-12T06:34:42", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3075", "id": "CVE-2012-3075", "type": "cve", "title": "CVE-2012-3075", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T16:45:27", "bulletinFamily": "NVD", "description": "The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.", "modified": "2012-07-12T00:00:00", "published": "2012-07-12T06:34:42", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3076", "id": "CVE-2012-3076", "title": "CVE-2012-3076", "type": "cve", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:13:47", "bulletinFamily": "NVD", "description": "An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.", "modified": "2018-10-30T12:26:48", "published": "2012-07-12T06:34:42", "id": "CVE-2012-3074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3074", "title": "CVE-2012-3074", "type": "cve", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2018-07-14T16:40:42", "bulletinFamily": "software", "description": "A remote code execution vulnerability in the implementation of the Cisco\nDiscovery Protocol component could allow an unauthenticated, adjacent\nattacker to execute arbitrary code with elevated privileges. The\nvulnerability is due to a failure to properly handle malformed Cisco\nDiscovery Protocol packets. An attacker could exploit this\nvulnerability by passing malformed Cisco\nDiscovery Protocol packets to an\naffected device. Successful exploitation of this vulnerability could allow the\nattacker to execute arbitrary code with elevated privileges.\n\nBecause Cisco Discovery Protocol works at the data link layer (Layer 2),\nan attacker must have a way to submit an Ethernet frame directly to an\naffected device. This action may be possible in situations where the affected\nsystem is part of a bridged network or connected to a non partitioned\ndevice, such as a network hub.\n\nA vulnerability exists in the administrative web interface that could allow an authenticated, remote attacker to perform a command injection attack. An attacker could leverage this issue to send malicious requests to the device that, when processed, could allow the attacker to execute arbitrary commands with elevated privileges.\n\nA vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.\n\nCisco TelePresence Recording Server contains the following vulnerabilities:\n\n Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability\n Cisco TelePresence Web Interface Command Injection\n Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability\n\nExploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.\n\nExploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.\n\nExploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.\n\nCisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.\n\nThere are no workarounds that mitigate these vulnerabilities.\n\nCustomers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs\"]", "modified": "2012-07-31T19:04:33", "published": "2012-07-11T16:00:00", "id": "CISCO-SA-20120711-CTRS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco TelePresence Recording Server", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-14T16:40:41", "bulletinFamily": "software", "description": "A remote code execution vulnerability in the implementation of the Cisco\nDiscovery Protocol component could allow an unauthenticated, adjacent\nattacker to execute arbitrary code with elevated privileges. The\nvulnerability is due to a failure to properly handle malformed Cisco\nDiscovery Protocol packets. An attacker could exploit this\nvulnerability by passing malformed Cisco\nDiscovery Protocol packets to an\naffected device. Successful exploitation of this vulnerability could allow the\nattacker to execute arbitrary code with elevated privileges.\n\nBecause Cisco Discovery Protocol works at the data link layer (Layer 2),\nan attacker must have a way to submit an Ethernet frame directly to an\naffected device. This action may be possible in situations where the affected\nsystem is part of a bridged network or connected to a non partitioned\ndevice, such as a network hub.\n\nCisco TelePresence Endpoint devices contain the following vulnerabilities:\n\n Cisco TelePresence API Remote Command Execution Vulnerability\n Cisco TelePresence Remote Command Execution Vulnerability\n Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability\n\nExploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context.\n\nExploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context.\n\nExploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.\n\nCisco has released software updates that address these vulnerabilities. \n\nThere are no workarounds that mitigate these vulnerabilities. \n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts[\"https://tvce.cisco.com/security/AIMS/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts\"]", "modified": "2012-09-24T14:56:45", "published": "2012-07-11T16:00:00", "id": "CISCO-SA-20120711-CTS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-14T12:39:32", "bulletinFamily": "software", "description": "A remote code execution vulnerability in the implementation of the Cisco\nDiscovery Protocol component could allow an unauthenticated, adjacent\nattacker to execute arbitrary code with elevated privileges. The\nvulnerability is due to a failure to properly handle malformed Cisco\nDiscovery Protocol packets. An attacker could exploit this\nvulnerability by passing malformed Cisco\nDiscovery Protocol packets to an\naffected device. Successful exploitation of this vulnerability could allow the\nattacker to execute arbitrary code with elevated privileges.\n\nBecause Cisco Discovery Protocol works at the data link layer (Layer 2),\nan attacker must have a way to submit an Ethernet frame directly to an\naffected device. This action may be possible in situations where the affected\nsystem is part of a bridged network or connected to a non partitioned\ndevice, such as a network hub.\n\nA vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.\n\nCisco TelePresence Multipoint Switch contains the following vulnerabilities:\n\n Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability \n Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability \n\nExploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition,\ncausing the product to become unresponsive to new connection requests and\npotentially leading to termination services and processes.\n\nExploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute\narbitrary code with elevated privileges.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms\"]", "modified": "2012-07-10T15:08:36", "published": "2012-07-11T16:00:00", "id": "CISCO-SA-20120711-CTMS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-14T14:31:19", "bulletinFamily": "software", "description": "A remote code execution vulnerability in the implementation of the Cisco\nDiscovery Protocol component could allow an unauthenticated, adjacent\nattacker to execute arbitrary code with elevated privileges. The\nvulnerability is due to a failure to properly handle malformed Cisco\nDiscovery Protocol packets. An attacker could exploit this\nvulnerability by passing malformed Cisco\nDiscovery Protocol packets to an\naffected device. Successful exploitation of this vulnerability could allow the\nattacker to execute arbitrary code with elevated privileges.\n\nBecause Cisco Discovery Protocol works at the data link layer (Layer 2),\nan attacker must have a way to submit an Ethernet frame directly to an\naffected device. This action may be possible in situations where the affected\nsystem is part of a bridged network or connected to a non partitioned\ndevice, such as a network hub.\n\nA vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.\n\nCisco TelePresence Manager contains the following vulnerabilities:\n\n Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability\n Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability \n\nExploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition,\ncausing the product to become unresponsive to new connection requests and\npotentially leading to termination services and processes.\n\nExploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute\narbitrary code with elevated privileges.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman\"]", "modified": "2012-07-10T16:21:50", "published": "2012-07-11T16:00:00", "id": "CISCO-SA-20120711-CTSMAN", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco TelePresence Manager", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:17:15", "bulletinFamily": "scanner", "description": "According to its self-reported version, the version of Cisco\nTelePresence Multipoint Switch Server installed on the remote host is\npotentially affected by multiple vulnerabilities :\n\n - By sending specially crafted IP packets at a high rate,\n it may be possible to crash some of the services running\n on the host. (CVE-2012-3073)\n\n - The Cisco Discovery Protocol (CDP) implementation on the\n remote host is affected by a vulnerability that could\n allow a remote, unauthenticated, adjacent attacker with\n data link layer access the ability to execute arbitrary\n code by sending specially crafted CDP packets.\n (CVE-2012-2486)", "modified": "2018-11-15T00:00:00", "published": "2013-09-20T00:00:00", "id": "CISCO-SA-20120711-CTMS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70024", "title": "Cisco TelePresence Multipoint Switch Multiple Vulnerabilities (cisco-sa-20120711-ctms)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70024);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2012-2486\", \"CVE-2012-3073\");\n script_bugtraq_id(54382);\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20120711-ctms\");\n script_xref(name:\"IAVB\", value:\"2012-B-0070\");\n\n script_name(english:\"Cisco TelePresence Multipoint Switch Multiple Vulnerabilities (cisco-sa-20120711-ctms)\");\n script_summary(english:\"Checks CTMS version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the version of Cisco\nTelePresence Multipoint Switch Server installed on the remote host is\npotentially affected by multiple vulnerabilities :\n\n - By sending specially crafted IP packets at a high rate,\n it may be possible to crash some of the services running\n on the host. (CVE-2012-3073)\n\n - The Cisco Discovery Protocol (CDP) implementation on the\n remote host is affected by a vulnerability that could\n allow a remote, unauthenticated, adjacent attacker with\n data link layer access the ability to execute arbitrary\n code by sending specially crafted CDP packets.\n (CVE-2012-2486)\"\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7422b51c\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Cisco TelePresence Multipoint Switch 1.9.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_multipoint_switch_software\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/UCOS/Cisco TelePresence Multipoint Switch/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ndisplay_version = get_kb_item_or_exit('Host/UCOS/Cisco TelePresence Multipoint Switch/version');\nmatch = eregmatch(string:display_version, pattern:'^([0-9.]+)');\nif (isnull(match)) # this should not happen\n audit(AUDIT_FN_FAIL, 'eregmatch');\nelse\n version = match[1];\n\n# versions prior to 1.9.0 are vulnerable\nif (ver_compare(ver:version, fix:'1.9', strict:FALSE) == -1)\n fix = '1.9.0';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco TelePresence Multipoint Switch', display_version);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + display_version +\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
