Heap-Based Buffer Overflow in Cisco TelePresence TC and TE Software
CVE-2014-2171

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Te Software
Vendor: CVE Published:; 2 May 2014

Summary

This vulnerability involves a heap-based buffer overflow in Cisco TelePresence TC Software versions 4.x through 6.x prior to 6.0.1 and TE Software versions 4.x and 6.0.x prior to 6.0.2. Remote attackers can exploit this weakness by sending specially crafted SIP packets, which may allow them to execute arbitrary code on affected devices. Organizations using these software versions are encouraged to apply the necessary updates to mitigate potential security risks.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2014
Vulnerability Reserved
Feb 25, 2014