RCE in Cisco Telepresence_system_1000

CVE-2011-0378

The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.019 (83.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_system_1000
Cisco Telepresence_system_1100
Cisco Telepresence_system_1300_series
Cisco Telepresence_system_3000
Cisco Telepresence_system_3200_series
Cisco Telepresence_system_500_series
Cisco Telepresence_system_software — versions 1.2.3, 1.3.2, 1.4.7
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

1025112 (vdb-entry, x_refsource_SECTRACK)
20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)