Cisco TelePresence System Software Command Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device may be affected by a command execution
vulnerability.

Description :

According to the self-reported device name of the remote device, it may
be a Cisco TelePresence System device. Nessus cannot determine the
version of the software running on this device, but it may be affected
by a vulnerability that could allow an unauthorized user to execute
arbitrary commands via a specially crafted XML remote procedure call.

See also :

http://www.nessus.org/u?6c63336a
http://tools.cisco.com/security/center/viewAlert.x?alertId=32461

Solution :

Upgrade to the appropriate software version per the vendor's
advisory.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 72183 ()

Bugtraq ID: 65071

CVE ID: CVE-2014-0661