RCE in Cisco Telepresence_system_1300_65
CVE-2012-3075
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.006 (70.5th percentile)
Affected products
- Cisco Telepresence_system_1300_65
- Cisco Telepresence_system_3000
- Cisco Telepresence_system_3010
- Cisco Telepresence_system_3200
- Cisco Telepresence_system_3210
- Cisco Telepresence_system_software — versions 1.2.3(1101), 1.3.2(1393), 1.4.7(2229)
- Cisco Telepresence_system_t3
- Cisco Telepresence_system_tx1300_47
- Cisco Telepresence_system_tx1310_65
- Cisco Telepresence_system_tx9000
Weakness classification (CWE)
References
- 20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)