
Cisco TelePresence TC and TE Software u-boot Buffer Overflow Vulnerability

Cisco-SA-20140430-CVE-2014-2172 · Medium · Published · Updated

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to cause a buffer overflow and possibly execute arbitrary code on the affected system. The vulnerability is due to the improper implementation of internal executable files when the u-boot compiler flag is defined. An attacker could exploit this vulnerability by accessing the command-line interface (CLI) of the affected system and attempting to run the affected executable files.

Cisco has confirmed the vulnerability in a security advisory and released software updates. A successful exploit would require local access to the targeted device, and this access requirement decreases the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.


CVEs: CVE-2014-2172
Cisco Bug IDs: CSCub67693
CVSS Score: Base 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco TelePresence TC Software

Related Products

Product | CVE | Evidence
Cisco TelePresence TC Software | CVE-2014-2172 | Cisco OpenVuln
Cisco TelePresence | CVE-2014-2172 | Cisco OpenVuln