Sign-up

ID

VAR-201405-0488


CVE

CVE-2014-2169


TITLE

Cisco TelePresence TC Software and TE Software arbitrary command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002370

DESCRIPTION

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211. Vendors have confirmed this vulnerability Bug ID CSCue60211 It is released as.An arbitrary command may be executed by a remotely authenticated user by using the command as an argument of an internal system script. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2014-2169 // JVNDB: JVNDB-2014-002370 // BID: 67170 // VULHUB: VHN-70108

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence te softwarescope:eqversion:6.0

Trust: 2.4

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.2

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.3

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.5

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.4

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.1

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.6

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.2

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.0

Trust: 1.6

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.1.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.1.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.3

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.2.3

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.7

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.0.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.0.1

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.0

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.2

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.1.4

Trust: 1.0

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.0.1

Trust: 1.0

vendor:ciscomodel:telepresencescope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:ltversion:6.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:4.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.2.0

Trust: 0.8

vendor:ciscomodel:telepresence te softwarescope:eqversion:4.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:5.x

Trust: 0.8

sources: JVNDB: JVNDB-2014-002370 // CNNVD: CNNVD-201405-032 // NVD: CVE-2014-2169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2169
value: HIGH

Trust: 1.0

NVD: CVE-2014-2169
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-032
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70108
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2169
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70108
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70108 // JVNDB: JVNDB-2014-002370 // CNNVD: CNNVD-201405-032 // NVD: CVE-2014-2169

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-70108 // JVNDB: JVNDB-2014-002370 // NVD: CVE-2014-2169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-032

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201405-032

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002370

PATCH
title:cisco-sa-20140430-tcteurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
Trust: 0.8
title:33893url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33893
Trust: 0.8
title:cisco-sa-20140430-tcteurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002370

EXTERNAL IDS
db:NVDid:CVE-2014-2169
Trust: 2.8
db:JVNDBid:JVNDB-2014-002370
Trust: 0.8
db:CNNVDid:CNNVD-201405-032
Trust: 0.7
db:CISCOid:20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE
Trust: 0.6
db:BIDid:67170
Trust: 0.3
db:VULHUBid:VHN-70108
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70108 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002370 // 
            
            
            
            CNNVD: CNNVD-201405-032 // 
            
            
            
            NVD: CVE-2014-2169

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2169
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2169
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70108 // 
            
            
            
            BID: 67170 // 
            
            
            
            JVNDB: JVNDB-2014-002370 // 
            
            
            
            CNNVD: CNNVD-201405-032 // 
            
            
            
            NVD: CVE-2014-2169

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67170

SOURCES
db:VULHUBid:VHN-70108
db:BIDid:67170
db:JVNDBid:JVNDB-2014-002370
db:CNNVDid:CNNVD-201405-032
db:NVDid:CVE-2014-2169

LAST UPDATE DATE
2024-11-23T22:02:10.679000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70108date:2014-05-02T00:00:00
db:BIDid:67170date:2014-05-09T00:42:00
db:JVNDBid:JVNDB-2014-002370date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-032date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2169date:2024-11-21T02:05:46.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-70108date:2014-05-02T00:00:00
db:BIDid:67170date:2014-04-30T00:00:00
db:JVNDBid:JVNDB-2014-002370date:2014-05-07T00:00:00
db:CNNVDid:CNNVD-201405-032date:2014-05-07T00:00:00
db:NVDid:CVE-2014-2169date:2014-05-02T10:55:08.320