CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
88.6%
Cisco TelePresence Endpoint devices contain the following vulnerabilities:
Cisco TelePresence API Remote Command Execution Vulnerability
Cisco TelePresence Remote Command Execution Vulnerability
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_recording_server | any | cpe:2.3:h:cisco:telepresence_recording_server:any:*:*:*:*:*:*:* |
cisco | telepresence_manager | any | cpe:2.3:a:cisco:telepresence_manager:any:*:*:*:*:*:*:* |
cisco | telepresence_multipoint_switch | any | cpe:2.3:h:cisco:telepresence_multipoint_switch:any:*:*:*:*:*:*:* |