Details of VAR-201306-0162

ID

VAR-201306-0162

CVE

CVE-2013-3379

TITLE

Cisco TelePresence TC Software Vulnerable to root access shell access

Trust: 0.8

sources: JVNDB: JVNDB-2013-003095

DESCRIPTION

The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCts37781. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect

Trust: 1.98

sources: NVD: CVE-2013-3379 // JVNDB: JVNDB-2013-003095 // BID: 60679 // VULHUB: VHN-63381

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.4	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	4.2	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.2	Trust: 0.6

sources: JVNDB: JVNDB-2013-003095 // CNNVD: CNNVD-201306-381 // NVD: CVE-2013-3379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3379
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3379
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201306-381
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63381
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3379
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63381
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63381 // JVNDB: JVNDB-2013-003095 // CNNVD: CNNVD-201306-381 // NVD: CVE-2013-3379

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-63381 // JVNDB: JVNDB-2013-003095 // NVD: CVE-2013-3379

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201306-381

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201306-381

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003095

PATCH

title:	cisco-sa-20130619-tpc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc	Trust: 0.8
title:	29650	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29650	Trust: 0.8
title:	cisco-sa-20130619-tpc	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118409_cisco-sa-20130619-tpc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003095

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3379	Trust: 2.8
db:	BID	id:	60679	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003095	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-381	Trust: 0.7
db:	CISCO	id:	20130619 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE	Trust: 0.6
db:	VULHUB	id:	VHN-63381	Trust: 0.1

sources: VULHUB: VHN-63381 // BID: 60679 // JVNDB: JVNDB-2013-003095 // CNNVD: CNNVD-201306-381 // NVD: CVE-2013-3379

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130619-tpc	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3379	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3379	Trust: 0.8
url:	http://www.securityfocus.com/bid/60679	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps7060/index.html	Trust: 0.3

sources: VULHUB: VHN-63381 // BID: 60679 // JVNDB: JVNDB-2013-003095 // CNNVD: CNNVD-201306-381 // NVD: CVE-2013-3379

CREDITS

Cisco

Trust: 0.9

sources: BID: 60679 // CNNVD: CNNVD-201306-381

SOURCES

db:	VULHUB	id:	VHN-63381
db:	BID	id:	60679
db:	JVNDB	id:	JVNDB-2013-003095
db:	CNNVD	id:	CNNVD-201306-381
db:	NVD	id:	CVE-2013-3379

LAST UPDATE DATE

2024-08-14T13:58:17.736000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63381	date:	2013-06-21T00:00:00
db:	BID	id:	60679	date:	2013-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003095	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-381	date:	2013-06-24T00:00:00
db:	NVD	id:	CVE-2013-3379	date:	2013-06-21T13:57:25.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63381	date:	2013-06-21T00:00:00
db:	BID	id:	60679	date:	2013-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003095	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-381	date:	2013-06-24T00:00:00
db:	NVD	id:	CVE-2013-3379	date:	2013-06-21T13:57:25.660