Remote Code Execution in Cisco TelePresence System by Malicious XML-RPC Messages
CVE-2014-0661

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software; Telepresence System 1000; Telepresence System 1300-65; Telepresence System 3000
Vendor: CVE Published:; 22 January 2014

Summary

The System Status Collection Daemon (SSCD) in various Cisco TelePresence Systems has a vulnerability that allows an attacker to execute arbitrary commands through specially crafted XML-RPC messages. This weakness can also lead to denial of service conditions due to stack memory corruption. Attackers exploiting this vulnerability may leverage it to gain unauthorized access to system functions, posing significant risks to network security.

References

http://osvdb.org/102362

vdb-entryx_refsource_OSVDB

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/90624

vdb-entryx_refsource_XF

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 22, 2014
Vulnerability Reserved
Jan 2, 2014