Command Injection Vulnerability in Cisco TelePresence Endpoint Devices
CVE-2011-0372

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1100
Vendor: CVE Published:; 25 February 2011

Summary

The CGI implementation on Cisco TelePresence endpoint devices running software version 1.2.x through 1.5.x is susceptible to command injection attacks. This vulnerability enables remote attackers to execute arbitrary commands through specially crafted requests, posing significant security risks. Notably, it is associated with Bug ID CSCtb31640, highlighting the importance of timely updates and patches to mitigate potential exploitation.

References

http://www.securitytracker.com/id?1025112

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011