RCE in Cisco Telepresence_system_1000

CVE-2011-0372

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.039 (88.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_system_1000
Cisco Telepresence_system_1100
Cisco Telepresence_system_1300_series
Cisco Telepresence_system_3000
Cisco Telepresence_system_3200_series
Cisco Telepresence_system_500_series
Cisco Telepresence_system_software — versions 1.2.3, 1.3.2, 1.4.7
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

1025112 (vdb-entry, x_refsource_SECTRACK)
20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)