The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
http://www.securitytracker.com/id?1025112
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml