Cisco TelePresence Multipoint Switch Multiple Vulnerabilities (cisco-sa-20120711-ctms)

high Nessus Plugin ID 70024


The remote host is missing a vendor-supplied security patch.


According to its self-reported version, the version of Cisco TelePresence Multipoint Switch Server installed on the remote host is potentially affected by multiple vulnerabilities :

- By sending specially crafted IP packets at a high rate, it may be possible to crash some of the services running on the host. (CVE-2012-3073)

- The Cisco Discovery Protocol (CDP) implementation on the remote host is affected by a vulnerability that could allow a remote, unauthenticated, adjacent attacker with data link layer access the ability to execute arbitrary code by sending specially crafted CDP packets.


Upgrade to Cisco TelePresence Multipoint Switch 1.9.0 or later.

See Also

Plugin Details

Severity: High

ID: 70024

File Name: cisco-sa-20120711-ctms.nasl

Version: 1.4

Type: local

Family: CISCO

Published: 9/20/2013

Updated: 11/15/2018

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_multipoint_switch_software

Required KB Items: Host/UCOS/Cisco TelePresence Multipoint Switch/version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/23/2012

Vulnerability Publication Date: 7/11/2012

Reference Information

CVE: CVE-2012-2486, CVE-2012-3073

BID: 54382

CISCO-SA: cisco-sa-20120711-ctms

IAVB: 2012-B-0070