Home Unlabelled Command Injection Vulnerability in Multiple Cisco TelePresence Products

Command Injection Vulnerability in Multiple Cisco TelePresence Products

By
Wednesday, May 13, 2015
Read
Add Comment
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://ift.tt/1Fekzyl

from Cisco Security Advisory http://ift.tt/1Fekzyl
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us