CVE-2015-0713
published 2015-05-25
Priority P356 · critical · 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 2.89% (85.2th percentile)
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
Affected
43 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_advanced_media_gateway | — | — |
| cisco | telepresence_advanced_media_gateway | — | — |
| cisco | telepresence_advanced_media_gateway | — | — |
| cisco | telepresence_ip_gateway | — | — |
| cisco | telepresence_ip_gateway | — | — |
| cisco | telepresence_ip_gateway | — | — |
| cisco | telepresence_ip_vcr_1.0_converter | — | — |
| cisco | telepresence_ip_vcr_2.4 | — | — |
| cisco | telepresence_ip_vcr_3.0 | — | — |
| cisco | telepresence_ip_vcr_3.0 | — | — |
| cisco | telepresence_isdn_gw_3241 | — | — |
| cisco | telepresence_isdn_gw_3241 | — | — |
| cisco | telepresence_isdn_gw_3241 | — | — |
| cisco | telepresence_isdn_gw_3241 | — | — |
| cisco | telepresence_isdn_gw_3241 | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
| cisco | telepresence_mcu_software | — | — |
CVSS provenance
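| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 9.0 | CRITICAL | — |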
GHSA
ghsa_unreviewed·2022-05-17
CVE-2015-0713 [HIGH] GHSA-4pmx-jrq3-v88q: The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1
Cisco
Command Injection Vulnerability in Multiple Cisco TelePresence Products
vendor_cisco·2015-05-13·CVSS 9.0
CVE-2015-0713 [CRITICAL] CWE-78 Command Injection Vulnerability in Multiple Cisco TelePresence Products
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are n
CWE: CWE-78
Bug IDs: CSCul5596
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2015-05-25