CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
88.6%
Cisco TelePresence Recording Server contains the following vulnerabilities:
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Cisco TelePresence Web Interface Command Injection
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.
Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.
There are no workarounds that mitigate these vulnerabilities.
Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_recording_server | any | cpe:2.3:h:cisco:telepresence_recording_server:any:*:*:*:*:*:*:* |
cisco | telepresence_manager | any | cpe:2.3:a:cisco:telepresence_manager:any:*:*:*:*:*:*:* |
cisco | telepresence_multipoint_switch | any | cpe:2.3:h:cisco:telepresence_multipoint_switch:any:*:*:*:*:*:*:* |