Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)
Critical Nessus Plugin ID 79584
SynopsisThe remote Cisco TelePresence Conductor device is affected by a command injection vulnerability.
DescriptionAccording to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
Note that an attacker must be authenticated before the device is exposed to this exploit.
SolutionUpgrade to version 2.3.1 / 2.4.1 / 3.0 or later.