CVE-2012-3074

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.3HIGH

EPSS

0.9%

top 24.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence System Software

Timeline

PublishedJul 12

Latest updateMay 14

Description

An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_system_software1.9.0.1\(3\)+30

🔴Vulnerability Details

GHSA

GHSA-vxx9-4mc9-6rmp: An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1↗2022-05-14

▶

CVEList

CVE-2012-3074: An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1↗2012-07-12

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices↗2012-07-11

▶