Arbitrary Command Execution Vulnerability in Cisco TelePresence TC and TE Software
CVE-2014-2170

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Te Software
Vendor: CVE Published:; 2 May 2014

What is CVE-2014-2170?

The vulnerability allows remote authenticated users to execute arbitrary commands through crafted arguments passed to tshell scripts within Cisco TelePresence TC and TE Software versions below specified updates. This defect poses a serious risk as it could lead to unauthorized control over affected devices. Proper patch management and user authentication processes need to be implemented to mitigate this risk.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2014
Vulnerability Reserved
Feb 25, 2014