Details of VAR-201207-0176

ID

VAR-201207-0176

CVE

CVE-2012-3075

TITLE

Cisco TelePresence Immersive An arbitrary command execution vulnerability in endpoint devices

Trust: 0.8

sources: JVNDB: JVNDB-2012-003060

DESCRIPTION

The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. Cisco TelePresence Immersive Endpoint is a video telepresence system. Also known as Bug ID CSCtn99724. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities SECUNIA ADVISORY ID: SA49879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49879 RELEASE DATE: 2012-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/49879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco TelePresence Immersive Endpoint devices, which can be exploited by malicious users and malicious people to compromise a vulnerable system. 2) An error exists within the handling of Cisco Discovery Protocol (CDP) packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2012-3075 // JVNDB: JVNDB-2012-003060 // CNVD: CNVD-2012-3674 // VULHUB: VHN-56356 // PACKETSTORM: 114654

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-3674

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.2.3\(1101\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.11\(3659\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.4.7\(2229\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.13\(3717\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.3.2\(1393\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.12\(3701\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.2\(4719\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.1\(2082\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.10\(3648\)	Trust: 1.6
vendor:	cisco	model:	telepresence system tx1300 47	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.6\(4109\)	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system tx1310 65	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.2\(4023\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.3\(4042\)	Trust: 1.0
vendor:	cisco	model:	telepresence system t3	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.1\(4764\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2.1\(2\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.3\(2115\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.1\(4864\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3210	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	1.7.2\(4937\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.5\(4097\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.7\(4212\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.8\(4222\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3010	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system 3200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300 65	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.4\(4072\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.0\(3954\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300-65	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3010	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3200	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3210	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	lt	version:	1.7.4	Trust: 0.8
vendor:	cisco	model:	telepresence system t3	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx1300 47	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx1310 65	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9200	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence immersive endpoint	scope:	lt	version:	1.9.1	Trust: 0.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2\(4937\)	Trust: 0.6

sources: CNVD: CNVD-2012-3674 // JVNDB: JVNDB-2012-003060 // CNNVD: CNNVD-201207-152 // NVD: CVE-2012-3075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3075
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-3075
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201207-152
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-56356
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-3075
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56356
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56356 // JVNDB: JVNDB-2012-003060 // CNNVD: CNNVD-201207-152 // NVD: CVE-2012-3075

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-56356 // JVNDB: JVNDB-2012-003060 // NVD: CVE-2012-3075

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-152

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201207-152

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003060

PATCH

title:	cisco-sa-20120711-cts	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts	Trust: 0.8
title:	26345	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=26345	Trust: 0.8
title:	cisco-sa-20120711-cts	url:	http://www.cisco.com/cisco/web/support/JP/111/1115/1115546_cisco-sa-20120711-cts-j.html	Trust: 0.8
title:	Patch for Cisco TelePresence Immersive Endpoint Devices Remote Command Injection Vulnerability (CNVD-2012-3674)	url:	https://www.cnvd.org.cn/patchInfo/show/18833	Trust: 0.6

sources: CNVD: CNVD-2012-3674 // JVNDB: JVNDB-2012-003060

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3075	Trust: 3.1
db:	JVNDB	id:	JVNDB-2012-003060	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-152	Trust: 0.7
db:	SECUNIA	id:	49879	Trust: 0.7
db:	CNVD	id:	CNVD-2012-3674	Trust: 0.6
db:	CISCO	id:	20120711 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE IMMERSIVE ENDPOINT DEVICES	Trust: 0.6
db:	VULHUB	id:	VHN-56356	Trust: 0.1
db:	PACKETSTORM	id:	114654	Trust: 0.1

sources: CNVD: CNVD-2012-3674 // VULHUB: VHN-56356 // JVNDB: JVNDB-2012-003060 // PACKETSTORM: 114654 // CNNVD: CNNVD-201207-152 // NVD: CVE-2012-3075

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120711-cts	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3075	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3075	Trust: 0.8
url:	http://secunia.com/advisories/49879	Trust: 0.6
url:	http://secunia.com/advisories/49879/	Trust: 0.1
url:	http://secunia.com/psi	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49879	Trust: 0.1
url:	http://secunia.com/advisories/49879/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-3674 // VULHUB: VHN-56356 // JVNDB: JVNDB-2012-003060 // PACKETSTORM: 114654 // CNNVD: CNNVD-201207-152 // NVD: CVE-2012-3075

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 114654

SOURCES

db:	CNVD	id:	CNVD-2012-3674
db:	VULHUB	id:	VHN-56356
db:	JVNDB	id:	JVNDB-2012-003060
db:	PACKETSTORM	id:	114654
db:	CNNVD	id:	CNNVD-201207-152
db:	NVD	id:	CVE-2012-3075

LAST UPDATE DATE

2024-11-23T22:02:39.661000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-3674	date:	2012-07-17T00:00:00
db:	VULHUB	id:	VHN-56356	date:	2012-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-003060	date:	2012-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201207-152	date:	2012-07-19T00:00:00
db:	NVD	id:	CVE-2012-3075	date:	2024-11-21T01:40:11.740

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-3674	date:	2012-07-17T00:00:00
db:	VULHUB	id:	VHN-56356	date:	2012-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-003060	date:	2012-07-13T00:00:00
db:	PACKETSTORM	id:	114654	date:	2012-07-12T06:05:35
db:	CNNVD	id:	CNNVD-201207-152	date:	2012-07-13T00:00:00
db:	NVD	id:	CVE-2012-3075	date:	2012-07-12T10:34:42.380