Sign-up

ID

VAR-201207-0175


CVE

CVE-2012-3074


TITLE

Cisco TelePresence Immersive Endpoint device API Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003059

DESCRIPTION

An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. The vulnerability is caused by the affected software not correctly handling the malformed request. Unauthenticated remote attackers can exploit the vulnerability to send malicious requests to port 61460. Successful exploitation of the vulnerability can execute arbitrary commands on the device with high privileges. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. Also known as Bug ID CSCtz38382. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities SECUNIA ADVISORY ID: SA49879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49879 RELEASE DATE: 2012-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/49879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco TelePresence Immersive Endpoint devices, which can be exploited by malicious users and malicious people to compromise a vulnerable system. 2) An error exists within the handling of Cisco Discovery Protocol (CDP) packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2012-3074 // JVNDB: JVNDB-2012-003059 // CNVD: CNVD-2012-3671 // BID: 54389 // VULHUB: VHN-56355 // PACKETSTORM: 114654

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-3671

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.2\(4937\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.6\(4109\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.5\(4097\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.3\(4042\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.1\(4864\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.0.1\(4764\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.7\(4212\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.0.2\(4719\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.8\(4222\)

Trust: 1.6

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.4\(4072\)

Trust: 1.6

vendor:ciscomodel:telepresence system tx1300 47scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:lteversion:1.9.0.1\(3\)

Trust: 1.0

vendor:ciscomodel:telepresence system 3000scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.1\(2082\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.2.1\(2\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.3.2\(1393\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.4\(270\)

Trust: 1.0

vendor:ciscomodel:telepresence system tx9200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system 3210scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.8.1\(34\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.13\(3717\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.11\(3659\)

Trust: 1.0

vendor:ciscomodel:telepresence system 3200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.12\(3701\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.8.3\(4\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.10\(3648\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.8.2\(11\)

Trust: 1.0

vendor:ciscomodel:telepresence system tx9000scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system tx1310 65scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.2\(4023\)

Trust: 1.0

vendor:ciscomodel:telepresence system t3scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.6\(4\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.5.3\(2115\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.9.0\(46\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.2.3\(1101\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.7.5\(42\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.4.7\(2229\)

Trust: 1.0

vendor:ciscomodel:telepresence system 3010scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system 1300 65scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.8.0\(55\)

Trust: 1.0

vendor:ciscomodel:telepresence system softwarescope:eqversion:1.6.0\(3954\)

Trust: 1.0

vendor:ciscomodel:telepresence system 1300-65scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system 3000scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system 3010scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system 3200scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system 3210scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system softwarescope:ltversion:1.9.1

Trust: 0.8

vendor:ciscomodel:telepresence system t3scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system tx1300 47scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system tx1310 65scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system tx9000scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system tx9200scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence immersive endpointscope:ltversion:1.9.1

Trust: 0.6

sources: CNVD: CNVD-2012-3671 // JVNDB: JVNDB-2012-003059 // CNNVD: CNNVD-201207-147 // NVD: CVE-2012-3074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3074
value: HIGH

Trust: 1.0

NVD: CVE-2012-3074
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201207-147
value: HIGH

Trust: 0.6

VULHUB: VHN-56355
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3074
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56355
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56355 // JVNDB: JVNDB-2012-003059 // CNNVD: CNNVD-201207-147 // NVD: CVE-2012-3074

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-56355 // JVNDB: JVNDB-2012-003059 // NVD: CVE-2012-3074

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201207-147

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201207-147

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003059

PATCH
title:cisco-sa-20120711-ctsurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
Trust: 0.8
title:26344url:http://tools.cisco.com/security/center/viewAlert.x?alertId=26344
Trust: 0.8
title:cisco-sa-20120711-ctsurl:http://www.cisco.com/cisco/web/support/JP/111/1115/1115546_cisco-sa-20120711-cts-j.html
Trust: 0.8
title:Patch for Cisco TelePresence Immersive Endpoint Devices Remote Command Injection Vulnerability (CNVD-2012-3671)url:https://www.cnvd.org.cn/patchInfo/show/18831
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-3671 // 
            
            
            
            JVNDB: JVNDB-2012-003059

EXTERNAL IDS
db:NVDid:CVE-2012-3074
Trust: 3.4
db:BIDid:54389
Trust: 1.0
db:JVNDBid:JVNDB-2012-003059
Trust: 0.8
db:CNNVDid:CNNVD-201207-147
Trust: 0.7
db:SECUNIAid:49879
Trust: 0.7
db:CNVDid:CNVD-2012-3671
Trust: 0.6
db:NSFOCUSid:19979
Trust: 0.6
db:CISCOid:20120711 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE IMMERSIVE ENDPOINT DEVICES
Trust: 0.6
db:VULHUBid:VHN-56355
Trust: 0.1
db:PACKETSTORMid:114654
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-3671 // 
            
            
            
            VULHUB: VHN-56355 // 
            
            
            
            BID: 54389 // 
            
            
            
            JVNDB: JVNDB-2012-003059 // 
            
            
            
            PACKETSTORM: 114654 // 
            
            
            
            CNNVD: CNNVD-201207-147 // 
            
            
            
            NVD: CVE-2012-3074

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120711-cts
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3074
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3074
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=26344
Trust: 0.6
url:http://secunia.com/advisories/49879
Trust: 0.6
url:http://www.securityfocus.com/bid/54389
Trust: 0.6
url:http://www.nsfocus.net/vulndb/19979
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://secunia.com/advisories/49879/
Trust: 0.1
url:http://secunia.com/psi
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49879
Trust: 0.1
url:http://secunia.com/advisories/49879/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-3671 // 
            
            
            
            VULHUB: VHN-56355 // 
            
            
            
            BID: 54389 // 
            
            
            
            JVNDB: JVNDB-2012-003059 // 
            
            
            
            PACKETSTORM: 114654 // 
            
            
            
            CNNVD: CNNVD-201207-147 // 
            
            
            
            NVD: CVE-2012-3074

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 54389 // 
            
            
            
            CNNVD: CNNVD-201207-147

SOURCES
db:CNVDid:CNVD-2012-3671
db:VULHUBid:VHN-56355
db:BIDid:54389
db:JVNDBid:JVNDB-2012-003059
db:PACKETSTORMid:114654
db:CNNVDid:CNNVD-201207-147
db:NVDid:CVE-2012-3074

LAST UPDATE DATE
2024-11-23T22:02:39.575000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-3671date:2012-07-17T00:00:00
db:VULHUBid:VHN-56355date:2018-10-30T00:00:00
db:BIDid:54389date:2012-07-11T00:00:00
db:JVNDBid:JVNDB-2012-003059date:2012-07-13T00:00:00
db:CNNVDid:CNNVD-201207-147date:2012-07-13T00:00:00
db:NVDid:CVE-2012-3074date:2024-11-21T01:40:11.610

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-3671date:2012-07-17T00:00:00
db:VULHUBid:VHN-56355date:2012-07-12T00:00:00
db:BIDid:54389date:2012-07-11T00:00:00
db:JVNDBid:JVNDB-2012-003059date:2012-07-13T00:00:00
db:PACKETSTORMid:114654date:2012-07-12T06:05:35
db:CNNVDid:CNNVD-201207-147date:2012-07-13T00:00:00
db:NVDid:CVE-2012-3074date:2012-07-12T10:34:42.347