CVE-2014-2174

CWE-284 — Improper Access Control4 documents4 sources

Severity

8.3HIGH

EPSS

0.2%

top 56.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software Cisco Telepresence TE Software

Timeline

PublishedMay 25

Latest updateMay 17

Description

Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/telepresence_tc_software40 versions+39

▶NVDcisco/telepresence_te_software4 versions+3

🔴Vulnerability Details

GHSA

GHSA-mx29-5cr3-ph3c: Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7↗2022-05-17

▶

CVEList

CVE-2014-2174: Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7↗2015-05-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software↗2015-05-13

▶