RCE in Cisco Telepresence_manager

CVE-2012-2486

The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording S…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.010 (77.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_manager — versions 1.1.0.0, 1.1.0.0\(209\), 1.2.0.0
Cisco Telepresence_multipoint_switch
Cisco Telepresence_multipoint_switch_software — versions 1.0.4.0, 1.0.4.0\(21\), 1.1.0
Cisco Telepresence_recording_server — versions 1.6.1\(2\), 1.6.2\(31\), 1.6.3\(4\)
Cisco Telepresence_system_1300_65
Cisco Telepresence_system_3000
Cisco Telepresence_system_3010
Cisco Telepresence_system_3200
Cisco Telepresence_system_3210
Cisco Telepresence_system_software — versions 1.2.3\(1101\), 1.3.2\(1393\), 1.4.7\(2229\)

Weakness classification (CWE)

CWE-94 — Code Injection

References

20120711 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
20120711 Multiple Vulnerabilities in Cisco TelePresence Manager (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
20120711 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)