Skip to main content

Telepresence Te Software CVE-2014-2170

CRITICAL
Code Injection (CWE-94)
2014-05-02 psirt@cisco.com
9.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.0 CRITICAL
AV:N/AC:L/Au:S/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
May 02, 2014 - 10:55 cve.org
CRITICAL 9.0

DescriptionCVE.org

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.

AnalysisAI

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202. Affected products include: Cisco Telepresence Te Software, Cisco Telepresence Tc Software. Version information: before 5.1.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2014-2171 CRITICAL
10.0 May 02

Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x

CVE-2014-2169 CRITICAL
9.0 May 02

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users

CVE-2014-2168 HIGH
7.6 May 02

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to exe

CVE-2014-2174 HIGH
8.3 May 25

Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which al

CVE-2015-0722 HIGH
7.8 May 25

The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote

CVE-2014-2175 HIGH
7.8 May 02

Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of servi

CVE-2014-2167 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers

CVE-2014-2166 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a deni

CVE-2014-2165 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers

CVE-2014-2164 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers

CVE-2014-2163 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to caus

CVE-2014-2162 HIGH
7.8 May 02

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers

Share

CVE-2014-2170 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy