Command Injection Vulnerability in Cisco TelePresence Endpoint Devices
CVE-2011-0375

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1100
Vendor: CVE Published:; 25 February 2011

Summary

The CGI implementation on Cisco TelePresence endpoint devices running software versions between 1.2.x and 1.6.x is susceptible to command injection attacks, allowing remote authenticated users to execute arbitrary commands by sending specially crafted requests. This vulnerability poses significant risks by potentially compromising the integrity and security of network communications. Proper security measures and timely updates are critical to safeguarding these devices from exploitation, as indicated by Bug ID CSCth24671.

References

http://www.securitytracker.com/id?1025112

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011