CVE-2014-2168

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation CWE-264 CWE-399 CWE-78 — OS Command Injection5 documents5 sources

Severity

7.6HIGH

EPSS

7.4%

top 8.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software Cisco Telepresence TE Software

Timeline

PublishedMay 2

Latest updateMay 17

Description

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/telepresence_tc_software21 versions+20

▶NVDcisco/telepresence_te_software5 versions+4

🔴Vulnerability Details

GHSA

GHSA-w8h8-3h8g-5c5r: Buffer overflow in Cisco TelePresence TC Software 4↗2022-05-17

▶

CVEList

CVE-2014-2168: Buffer overflow in Cisco TelePresence TC Software 4↗2014-05-02

▶

💥Exploits & PoCs

Exploit-DB

Asx to Mp3 2.7.5 - Local Stack Overflow↗2014-10-07

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software↗2014-04-30

▶