Cisco TelePresence Endpoints Local Command Injection Vulnerability

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to perform a local shell command injection.

The vulnerability is due to incomplete input sanitization of some commands. An attacker could exploit this vulnerability by executing local shell commands with commands injected as parameters. An exploit could allow the attacker to retrieve full information from the device, including private keys.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2fcY8kC
Security Impact Rating: Medium
CVE: CVE-2016-6459

from Cisco Security Advisory http://ift.tt/2fcY8kC