Command Injection Vulnerability in Cisco TelePresence Endpoint Devices
CVE-2011-0373

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1100
Vendor: CVE Published:; 25 February 2011

Summary

The CGI implementation on Cisco TelePresence endpoint devices, specifically versions 1.2.x through 1.5.x, is susceptible to command injection. This flaw allows remote authenticated users to execute arbitrary commands through specially crafted requests, posing serious risks to the integrity and availability of the system. The vulnerability is identified in Bug ID CSCtb31685, and resolving it requires applying the appropriate security updates provided by Cisco.

References

http://www.securitytracker.com/id?1025112

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011