[c-nsp] Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed May 13 12:06:26 EDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products
Advisory ID: cisco-sa-20150513-tp
Revision 1.0
For Public Release 2015 May 13 16:00 UTC (GMT)
+----------------------------------------------------------------------
Summary
=======
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVU3TLAAoJEIpI1I6i1Mx3jecP/3kHeHdA/61g2gSFRTRQf2xL
uIwAlCtJvxc7t7Wojrvo575D0Fn0QKXAlONaNkbLJ4g2NPrt+cTUejjFf1HbtEPL
9jUeiDbxS0b6ieIr/B9w8GXuVRSkPoxWNokWDWgog8hs5AZdp+b8pdK80K+SG3wP
SZd8yUbY+t6zRYDw3i1ZnVUeE72rpfzO2KpauoHjyuWHi6NcfQeZr1ZfNAeLaq23
t041gPynTUuyM95Wz0QWQhUXAVNaDHcHdNZ3Gg31lBxS2r9Phmm5OgJ9aVx129rm
2LO9aQLFL+v0shwY6LSo/3GzUWtZmbn/SzsXHb7vyfPzBwfv+E8enkZj2QCA+7Ob
A9e9t3rInTKsQMm+gGjW0n6usOpvCXZuK8LmRWGSTmpFJ6DkS7mulN7bILzmUeLL
5tl6Ef56tM9Li4lVMzfxPNypMOj5Bntv1Pam87uXFR1ND0g/+6XMHg2E0TLi/E1K
hu1Nuiy6ofBNSewN/Ql6WTDGi2yKviJRrCNaCDKA2pQN5uZNmZS3giSxHqxIFOd/
n3rhhm9Ju8qr6SADJK3cg6r5A4/OU/axzlVzvgFl1dgGSi2VYaBu9uKvw/9DyosE
dM7UbaCCey8cB0obaQl87B7gSo90zZVp4q6J1Yx5BrB1gS9iEV/VSfItydGO1jBL
xAPKB9ZcTaUxE/dZhoLl
=obwP
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list