Published: 25/02/2011 Updated: 17/08/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Cisco TelePresence endpoint devices with software 1.2.x up to and including 1.6.x allow remote malicious users to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605.

Affected Products

Vendor | Product | Versions
Cisco | Telepresence System Software | 1.2.3, 1.3.2, 1.4.7, 1.5.1, 1.5.3, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.6.0, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8
Cisco | Telepresence System 1000 | *
Cisco | Telepresence System 1100 | *
Cisco | Telepresence System 1300 Series | *
Cisco | Telepresence System 3000 | *
Cisco | Telepresence System 3200 Series | *
Cisco | Telepresence System 500 Series | *

Vendor Advisories

Multiple vulnerabilities exist in the Cisco TelePresence solution; each component of the solution is addressed independently in its own advisory. This advisory addresses Cisco TelePresence endpoint devices and details the following vulnerabilities: Unauthenticated Common Gateway Interface (CGI) Access; CGI Command Injection; ...