RCE in Cisco Telepresence_system_1300_65
CVE-2012-3074
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.
Affected products
- Cisco Telepresence_system_1300_65
- Cisco Telepresence_system_3000
- Cisco Telepresence_system_3010
- Cisco Telepresence_system_3200
- Cisco Telepresence_system_3210
- Cisco Telepresence_system_software — versions 1.2.3\(1101\), 1.3.2\(1393\), 1.4.7\(2229\)
- Cisco Telepresence_system_t3
- Cisco Telepresence_system_tx1300_47
- Cisco Telepresence_system_tx1310_65
- Cisco Telepresence_system_tx9000
Weakness classification (CWE)
References
- 20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)