Vulnslist


Cisco TelePresence Endpoints Local Command Injection Vulnerability

cisco-sa-20161102-tp · Medium · Published · Updated

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to perform a local shell command injection.

The vulnerability is due to incomplete input sanitization of some commands. An attacker could exploit this vulnerability by executing local shell commands with commands injected as parameters. An exploit could allow the attacker to retrieve full information from the device, including private keys.

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp


Workarounds

Workarounds that address this vulnerability are not available.

CVEs: CVE-2016-6459
Cisco Bug IDs: CSCvb25010
CVSS Score: Base 4.6 (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:F/RL:U/RC:C)
Product Names From Source: Cisco TelePresence TC Software, Cisco TelePresence CE Software

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco TelePresence TC Software | CVE-2016-6459 | Cisco OpenVuln |
| Cisco TelePresence CE Software | CVE-2016-6459 | Cisco OpenVuln |
| Cisco TelePresence | CVE-2016-6459 | Cisco OpenVuln |