Access Control Flaw in Cisco TelePresence Products
CVE-2014-2174

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Tc Software; Telepresence Te Software
Vendor: CVE Published:; 25 May 2015

What is CVE-2014-2174?

Cisco TelePresence T, TE, and TC products prior to version 7.1 suffer from a significant access control vulnerability. This loophole enables remote attackers on the local network to exploit the system, thereby gaining root privileges. Additionally, attackers with physical proximity to the device can exploit unspecified methods to achieve similar root access. Prompt action and updates are essential to mitigate the risks associated with this flaw and maintain the security of Cisco TelePresence systems.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2015
Vulnerability Reserved
Feb 25, 2014