RCE in Cisco Telepresence_system_1000

CVE-2014-0661

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands o…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.040 (88.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_system_1000
Cisco Telepresence_system_1100
Cisco Telepresence_system_1300-65
Cisco Telepresence_system_3000
Cisco Telepresence_system_3010
Cisco Telepresence_system_3200
Cisco Telepresence_system_3210
Cisco Telepresence_system_500-32
Cisco Telepresence_system_500-37
Cisco Telepresence_system_software — versions 1.5.10\(3648\), 1.7.5\(42\), 1.7.6\(4\)

Weakness classification (CWE)

CWE-94 — Code Injection

References

102362 (x_refsource_OSVDB, vdb-entry)
20140122 Cisco TelePresence System Software Command Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-telepresence-cve20140661-command-exec(90624) (vdb-entry, x_refsource_XF)
65071 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
56533 (x_refsource_SECUNIA, third-party-advisory)
1029656 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)