6.6
CVSSv2

CVE-2014-2172

Published: 02/05/2014 Updated: 02/05/2014
CVSS v2 Base Score: 6.6 | Impact Score: 10 | Exploitability Score: 2.7
VMScore: 587
Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.

Affected Products

Vendor Product Versions
CiscoTelepresence Tc Software4.0.0, 4.0.1, 4.0.4, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7
CiscoTelepresence Te Software4.1.0, 4.1.1, 4.1.2, 4.1.3, 6.0

Vendor Advisories

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system The vulnerability is due to the improper implementation of in ...
Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: Six Session Initiation Protocol (SIP) denial of service vulnerabilities Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability Cisco TelePresence TC and TE Software Input Validation Vulnerability Cisco TelePresence TC and TE Softwa ...