Command Injection Vulnerability in Cisco TelePresence Endpoint Devices
CVE-2011-0374

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1100
Vendor: CVE Published:; 25 February 2011

Summary

The CGI implementation on Cisco TelePresence endpoint devices running software versions 1.2.x to 1.5.x is susceptible to command injection. Remote authenticated users may exploit this vulnerability by sending specially crafted requests, enabling them to execute arbitrary commands. This issue poses a significant threat to system integrity and could lead to unauthorized access or control of the affected devices.

References

http://www.securitytracker.com/id?1025112

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011