CVE-2014-2169

CWE-20 — Improper Input Validation CWE-119 — Buffer Overflow CWE-264 CWE-399 CWE-78 — OS Command Injection CWE-476 — NULL Pointer Dereference CWE-416 — Use After Free7 documents6 sources

Severity

9.0CRITICAL

EPSS

0.5%

top 35.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software Cisco Telepresence TE Software

Timeline

PublishedMay 2

Latest updateApr 3

Description

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/telepresence_tc_software26 versions+25

▶NVDcisco/telepresence_te_software5 versions+4

🔴Vulnerability Details

GHSA

GHSA-jf76-7xpm-4gc7: Cisco TelePresence TC Software 4↗2022-05-17

▶

CVEList

CVE-2014-2169: Cisco TelePresence TC Software 4↗2014-05-02

▶

OSV

python-django regression↗2014-04-23

▶

📋Vendor Advisories

Red Hat

kernel: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers↗2024-04-03

▶

Cisco

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software↗2014-04-30

▶