CVE-2014-2171

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation CWE-264 CWE-399 CWE-78 — OS Command Injection CWE-416 — Use After Free CWE-190 — Integer Overflow11 documents5 sources

Severity

10.0CRITICAL

EPSS

7.4%

top 8.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software Cisco Telepresence TE Software

Timeline

PublishedMay 2

Latest updateMay 17

Description

Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/telepresence_tc_software22 versions+21

▶NVDcisco/telepresence_te_software6 versions+5

🔴Vulnerability Details

GHSA

GHSA-4hc9-2vw2-236j: Heap-based buffer overflow in Cisco TelePresence TC Software 4↗2022-05-17

▶

CVEList

CVE-2014-2171: Heap-based buffer overflow in Cisco TelePresence TC Software 4↗2014-05-02

▶

📋Vendor Advisories

Red Hat

chromium-browser: Use-after-free in blink↗2014-11-18

▶

Red Hat

chromium-browser: Uninitialized memory read in Skia↗2014-11-18

▶

Red Hat

chromium-browser: Unspecified security issues↗2014-11-18

▶

Red Hat

chromium-browser: Use-after-free in pepper plugins↗2014-11-18

▶

Red Hat

chromium-browser: Buffer overflow in Skia↗2014-11-18

▶