A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local malicious user to cause a buffer overflow and possibly execute arbitrary code on the affected system. The vulnerability is due to the improper implementation of internal executable files when the u-boot compiler flag is defined. An attacker could exploit this vulnerability by accessing the command-line interface (CLI) of the affected system and trying to run the affected executable files. Cisco has confirmed the vulnerability in a security advisory and released software updates. A successful exploit would require local access to the targeted device. This access requirement decreases the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vulnerable Product |
---|
cisco telepresence tc software 5.0.0 |
cisco telepresence tc software 5.0.1 |
cisco telepresence tc software 5.0.2 |
cisco telepresence tc software 5.1.0 |
cisco telepresence tc software 4.2.2 |
cisco telepresence tc software 4.2.3 |
cisco telepresence tc software 4.2.4 |
cisco telepresence tc software 5.1.7 |
cisco telepresence tc software 5.1.1 |
cisco telepresence tc software 5.1.3 |
cisco telepresence tc software 5.1.5 |
cisco telepresence tc software 4.1.1 |
cisco telepresence tc software 4.2.0 |
cisco telepresence tc software 5.1.6 |
cisco telepresence tc software 4.0.0 |
cisco telepresence tc software 4.0.1 |
cisco telepresence tc software 4.0.4 |
cisco telepresence tc software 5.1.2 |
cisco telepresence tc software 5.1.4 |
cisco telepresence tc software 4.1.2 |
cisco telepresence tc software 4.2.1 |
cisco telepresence te software 4.1.0 |
cisco telepresence te software 4.1.2 |
cisco telepresence te software 4.1.3 |
cisco telepresence te software 6.0 |
cisco telepresence te software 4.1.1 |