Cisco TelePresence System Software Command Execution

high Nessus Plugin ID 72183

Synopsis

The remote device may be affected by a command execution vulnerability.

Description

According to the self-reported device name of the remote device, it may be a Cisco TelePresence System device. Nessus cannot determine the version of the software running on this device, but it may be affected by a vulnerability that could allow an unauthorized user to execute arbitrary commands via a specially crafted XML remote procedure call.

Solution

Upgrade to the appropriate software version per the vendor's advisory.

See Also

http://www.nessus.org/u?9e4e9184

https://tools.cisco.com/security/center/viewAlert.x?alertId=32461

Plugin Details

Severity: High

ID: 72183

File Name: cisco-sa-20140122-cts.nasl

Version: 1.7

Type: remote

Family: CISCO

Published: 1/28/2014

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_system_software

Required KB Items: Settings/ParanoidReport, Cisco/TelePresence_System/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2014

Vulnerability Publication Date: 1/22/2014

Reference Information

CVE: CVE-2014-0661

BID: 65071

CISCO-SA: cisco-sa-20140122-cts

IAVA: 2014-A-0016

CISCO-BUG-ID: CSCui32796