Command Injection Vulnerability in Cisco TelePresence Devices
CVE-2011-0378

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1100
Vendor: CVE Published:; 25 February 2011

Summary

The XML-RPC implementation on Cisco TelePresence endpoint devices, specifically those running software versions 1.2.x through 1.5.x, has a serious command injection vulnerability that enables remote attackers to execute arbitrary commands. Exploitation of this flaw could allow unauthorized access and control over the affected devices, posing significant security risks to organizations utilizing this technology. The vulnerability is identified as Bug ID CSCtb52587.

References

http://www.securitytracker.com/id?1025112

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011