CVE-2013-3379

CWE-264 CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.3HIGH

EPSS

0.2%

top 53.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software

Timeline

PublishedJun 21

Latest updateMay 17

Description

The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_tc_software4.1.2+4

🔴Vulnerability Details

GHSA

GHSA-h3x8-v5rw-g7h2: The firewall subsystem in Cisco TelePresence TC Software before 4↗2022-05-17

▶

CVEList

CVE-2013-3379: The firewall subsystem in Cisco TelePresence TC Software before 4↗2013-06-21

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software↗2013-06-19

▶