CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile: 54.9%
A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system.
The vulnerability is due to the improper implementation of internal executable files when the u-boot compiler flag is defined. An attacker could exploit this vulnerability by accessing the command-line interface (CLI) of the affected system and attempting to run the affected executable files.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
A successful exploit would require local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_tc_software | any | cpe:2.3:a:cisco:telepresence_tc_software:any:*:*:*:*:*:*:* |