Details of VAR-201401-0325

ID

VAR-201401-0325

CVE

CVE-2014-0661

TITLE

Cisco TelePresence System Arbitrary Command Execution Vulnerability

Trust: 0.9

sources: BID: 65071 // CNNVD: CNNVD-201401-427

DESCRIPTION

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. Cisco TelePresence System is prone to an arbitrary command-execution vulnerability. Remote attackers can exploit this issue to execute arbitrary calls through stack corruption with the privilege of the root user. This issue being tracked by Cisco Bug ID CSCui32796. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. The following versions are affected: Cisco TelePresence System 500-37, 1000, 1300-65, 3xxx prior to 1.10.2(42), 500-32, 1300-47, TX1310 65, TX9xxx prior to 6.0.4(11)

Trust: 1.98

sources: NVD: CVE-2014-0661 // JVNDB: JVNDB-2014-001231 // BID: 65071 // VULHUB: VHN-68154

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.1.0\(90\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.0	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.0\(259\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.0.1\(4\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.1\(50\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.2\(28\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.1	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.10\(3648\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.2\(11\)	Trust: 1.0
vendor:	cisco	model:	telepresence system tx1300 47	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system 3010	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	6.0.3\(33\)	Trust: 1.0
vendor:	cisco	model:	telepresence system tx1310 65	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.3\(44\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3210	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.4\(13\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.2\(19\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 1300-65	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.1\(34\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system 500-37	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.3\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.0\(55\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.0\(46\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.5\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 500-32	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.5\(42\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.1\(68\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 3200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6\(2\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	1.10.1\(43\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.4\(19\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.5\(7\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system 1100	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system tx9200	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.6\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	telepresence system 1000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 1100	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 1300-65	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3010	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3200	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 3210	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 500-32	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system 500-37	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	lt	version:	1.10.2(42) (500-37	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1000	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1300-65	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	3000	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	3010	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	3200	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	3210)	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	lt	version:	6.0.4(11) (500-32	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1300-47	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	tx1310 65	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	tx9000	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	tx9200)	Trust: 0.8
vendor:	cisco	model:	telepresence system tx1300 47	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx1310 65	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system tx9200	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.1\(43\)	Trust: 0.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.3\(33\)	Trust: 0.6

sources: JVNDB: JVNDB-2014-001231 // CNNVD: CNNVD-201401-427 // NVD: CVE-2014-0661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0661
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0661
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201401-427
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68154
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0661
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68154
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68154 // JVNDB: JVNDB-2014-001231 // CNNVD: CNNVD-201401-427 // NVD: CVE-2014-0661

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-68154 // JVNDB: JVNDB-2014-001231 // NVD: CVE-2014-0661

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201401-427

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201401-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001231

PATCH

title:	cisco-sa-20130807-tp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp	Trust: 0.8
title:	30323	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30323	Trust: 0.8
title:	cisco-sa-20140122-cts	url:	http://www.cisco.com/cisco/web/support/JP/112/1121/1121768_cisco-sa-20140122-cts-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-001231

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0661	Trust: 2.8
db:	BID	id:	65071	Trust: 1.4
db:	SECUNIA	id:	56533	Trust: 1.1
db:	SECTRACK	id:	1029656	Trust: 1.1
db:	OSVDB	id:	102362	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001231	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-427	Trust: 0.7
db:	CISCO	id:	20140122 CISCO TELEPRESENCE SYSTEM SOFTWARE COMMAND EXECUTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68154	Trust: 0.1

sources: VULHUB: VHN-68154 // BID: 65071 // JVNDB: JVNDB-2014-001231 // CNNVD: CNNVD-201401-427 // NVD: CVE-2014-0661

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140122-cts	Trust: 1.7
url:	http://www.securityfocus.com/bid/65071	Trust: 1.1
url:	http://osvdb.org/102362	Trust: 1.1
url:	http://www.securitytracker.com/id/1029656	Trust: 1.1
url:	http://secunia.com/advisories/56533	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90624	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0661	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0661	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68154 // BID: 65071 // JVNDB: JVNDB-2014-001231 // CNNVD: CNNVD-201401-427 // NVD: CVE-2014-0661

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 65071

SOURCES

db:	VULHUB	id:	VHN-68154
db:	BID	id:	65071
db:	JVNDB	id:	JVNDB-2014-001231
db:	CNNVD	id:	CNNVD-201401-427
db:	NVD	id:	CVE-2014-0661

LAST UPDATE DATE

2024-11-23T22:13:50.186000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68154	date:	2017-08-29T00:00:00
db:	BID	id:	65071	date:	2014-01-28T00:33:00
db:	JVNDB	id:	JVNDB-2014-001231	date:	2014-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201401-427	date:	2014-01-30T00:00:00
db:	NVD	id:	CVE-2014-0661	date:	2024-11-21T02:02:36.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68154	date:	2014-01-22T00:00:00
db:	BID	id:	65071	date:	2014-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-001231	date:	2014-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201401-427	date:	2014-01-30T00:00:00
db:	NVD	id:	CVE-2014-0661	date:	2014-01-22T21:55:03.560