CVE-2014-0661

CWE-94 — Code Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

8.3HIGH

EPSS

4.0%

top 11.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence System Software

Timeline

PublishedJan 22

Latest updateMay 17

Description

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_system_software1.10.1\(43\)+25

🔴Vulnerability Details

GHSA

GHSA-7g4g-9h43-3xvc: The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1↗2022-05-17

▶

CVEList

CVE-2014-0661: The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1↗2014-01-22

▶

📋Vendor Advisories

Cisco

Cisco TelePresence System Software Command Execution Vulnerability↗2014-01-22

▶