CVE-2016-6459

CWE-78 — OS Command Injection4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.6%

top 30.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software

Timeline

PublishedNov 19

Latest updateMay 17

Description

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/telepresence_tc_software11 versions+10

▶CVEListV5cisco_telepresence_ce_and_tc_8.1.xCisco TelePresence CE and TC 8.1.x

🔴Vulnerability Details

GHSA

GHSA-j33x-pv47-v562: Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a l↗2022-05-17

▶

CVEList

CVE-2016-6459: Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a l↗2016-11-19

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Endpoints Local Command Injection Vulnerability↗2016-11-02

▶