Buffer Overflow Vulnerability in Cisco Telepresence System Integrator C Series
CVE-2011-2543

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Codec C40; Telepresence Codec C60; Telepresence Codec C90; Telepresence C Series Software
Vendor: CVE Published:; 23 September 2011

Summary

A buffer overflow vulnerability exists in the cuil component of Cisco Telepresence System Integrator C Series 4.x prior to TC4.2.0. This flaw allows remote authenticated users to exploit the system by providing a long location parameter to the getxml program, potentially leading to a denial of service through endpoint reboots or process crashes, and may even allow for the execution of arbitrary code under specific conditions.

References

http://www.securityfocus.com/bid/49670

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/8393

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/46057

third-party-advisoryx_refsource_SECUNIA

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 23, 2011
Vulnerability Reserved
Jun 27, 2011