CVE-2012-3075

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.0CRITICAL

EPSS

0.6%

top 29.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence System Software

Timeline

PublishedJul 12

Latest updateMay 17

Description

The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_system_software1.7.2\(4937\)+21

🔴Vulnerability Details

GHSA

GHSA-j923-487j-w32h: The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1↗2022-05-17

▶

CVEList

CVE-2012-3075: The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1↗2012-07-12

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices↗2012-07-11

▶