Lucene search

CiscoCISCO-SA-20140122-CTS

HistoryJan 22, 2014 - 4:00 p.m.

Cisco TelePresence System Software Command Execution Vulnerability

2014-01-2216:00:00

tools.cisco.com

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.014

Percentile

86.5%

JSON

Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts”]

Affected configurations

Vulners

Node

ciscotelepresence_system_softwareMatchany

VendorProductVersionCPE
ciscotelepresence_system_softwareanycpe:2.3:a:cisco:telepresence_system_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_system_software	any	cpe:2.3:a:cisco:telepresence_system_software:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.014

Percentile

86.5%

JSON

Related for CISCO-SA-20140122-CTS