Lucene search

CiscoCVE-2014-0661

HistoryJan 22, 2014 - 9:55 p.m.

CVE-2014-0661

2014-01-2221:55:03

CWE-94

cisco

web.nvd.nist.gov

cve-2014-0661

sscd

cisco telepresence system

remote code execution

xml-rpc

stack memory corruption

denial of service

nvd

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.014

Percentile

86.5%

JSON

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

Affected configurations

Nvd

Node

ciscotelepresence_system_softwareRange≤1.10.1\(43\)

ciscotelepresence_system_softwareMatch1.5.10\(3648\)

ciscotelepresence_system_softwareMatch1.7.5\(42\)

ciscotelepresence_system_softwareMatch1.7.6\(4\)

ciscotelepresence_system_softwareMatch1.8.0\(55\)

ciscotelepresence_system_softwareMatch1.8.1\(34\)

ciscotelepresence_system_softwareMatch1.8.2\(11\)

ciscotelepresence_system_softwareMatch1.8.3\(4\)

ciscotelepresence_system_softwareMatch1.8.4\(13\)

ciscotelepresence_system_softwareMatch1.8.5\(4\)

ciscotelepresence_system_softwareMatch1.9.0\(46\)

ciscotelepresence_system_softwareMatch1.9.1\(68\)

ciscotelepresence_system_softwareMatch1.9.2\(19\)

ciscotelepresence_system_softwareMatch1.9.3\(44\)

ciscotelepresence_system_softwareMatch1.9.4\(19\)

ciscotelepresence_system_softwareMatch1.9.5\(7\)

ciscotelepresence_system_softwareMatch1.9.6\(2\)

ciscotelepresence_system_softwareMatch1.9.6.1\(3\)

ciscotelepresence_system_softwareMatch1.10.0

ciscotelepresence_system_softwareMatch1.10.0\(259\)

ciscotelepresence_system_softwareMatch1.10.1

AND

ciscotelepresence_system_1000Match-

ciscotelepresence_system_1300-65Match-

ciscotelepresence_system_3000

ciscotelepresence_system_3010

ciscotelepresence_system_3200

ciscotelepresence_system_3210

ciscotelepresence_system_500-37Match-

Node

ciscotelepresence_system_softwareRange≤6.0.3\(33\)

ciscotelepresence_system_softwareMatch6.0.0.1\(4\)

ciscotelepresence_system_softwareMatch6.0.1\(50\)

ciscotelepresence_system_softwareMatch6.0.2\(28\)

ciscotelepresence_system_softwareMatch6.1.0\(90\)

AND

ciscotelepresence_system_1100Match-

ciscotelepresence_system_500-32Match-

ciscotelepresence_system_tx1300_47

ciscotelepresence_system_tx1310_65

ciscotelepresence_system_tx9000

ciscotelepresence_system_tx9200

VendorProductVersionCPE
ciscotelepresence_system_software*cpe:2.3:a:cisco:telepresence_system_software:*:*:*:*:*:*:*:*
ciscotelepresence_system_software1.5.10(3648)cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.7.5(42)cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.7.6(4)cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.0(55)cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.1(34)cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.2(11)cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.3(4)cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.4(13)cpe:2.3:a:cisco:telepresence_system_software:1.8.4\(13\):*:*:*:*:*:*:*
ciscotelepresence_system_software1.8.5(4)cpe:2.3:a:cisco:telepresence_system_software:1.8.5\(4\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_system_software	*	cpe:2.3:a:cisco:telepresence_system_software::::::::
cisco	telepresence_system_software	1.5.10(3648)	cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):::::::*
cisco	telepresence_system_software	1.7.5(42)	cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):::::::*
cisco	telepresence_system_software	1.7.6(4)	cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):::::::*
cisco	telepresence_system_software	1.8.0(55)	cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):::::::*
cisco	telepresence_system_software	1.8.1(34)	cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):::::::*
cisco	telepresence_system_software	1.8.2(11)	cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):::::::*
cisco	telepresence_system_software	1.8.3(4)	cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):::::::*
cisco	telepresence_system_software	1.8.4(13)	cpe:2.3:a:cisco:telepresence_system_software:1.8.4\(13\):::::::*
cisco	telepresence_system_software	1.8.5(4)	cpe:2.3:a:cisco:telepresence_system_software:1.8.5\(4\):::::::*

Rows per page:

1-10 of 381

References

osvdb.org/102362

secunia.com/advisories/56533

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts

www.securityfocus.com/bid/65071

www.securitytracker.com/id/1029656

exchange.xforce.ibmcloud.com/vulnerabilities/90624

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.014

Percentile

86.5%

JSON

Related for CVE-2014-0661