CVE-2014-0661
https://notcve.org/view.php?id=CVE-2014-0661
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. El System Status Collection Daemon (SSCD) de Cisco TelePresence System 500-37, 1000, 1300-65, y 3xxx anterior a la versión 1.10.2(42), y 500-32, 1300-47, TX1310 65, y TX9xxx anterior a la versión 6.0.4(11), permite a atacantes remotos ejecutar comandos arbitrarios para provocar una denegación de servicio (corrupción de memoria de la pila) a través de un mensaje XML-RPC manipulado, también conocido como Bug ID CSCui32796. • http://osvdb.org/102362 http://secunia.com/advisories/56533 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts http://www.securityfocus.com/bid/65071 http://www.securitytracker.com/id/1029656 https://exchange.xforce.ibmcloud.com/vulnerabilities/90624 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-3454
https://notcve.org/view.php?id=CVE-2013-3454
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. Cisco TelePresence System Software v1.10.1 y anteriores en dispositivos 500, 13X0, 1X00, 30X0, y 3X00, y v6.0.3 y anteriores en dispositivos TX 9X00, tiene una contraseña predeterminada de la cuenta pwrecovery, lo que hace que sea más fácil para los atacantes remotos modificar la configuración o realizar actos arbitrarios a través de peticiones HTTPS, también conocido como Bug ID CSCui43128. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp • CWE-255: Credentials Management Errors •
CVE-2012-3073
https://notcve.org/view.php?id=CVE-2012-3073
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. La implementación IP en Cisco TelePresence Multipoint Switch anterior a v1.8.1, Cisco TelePresence Manager anterior a v1.9.0, y Cisco TelePresence Recording Server v1.8 y anteriores permite a atacantes remotos causar una denegación de servicio mediante (1) un paquete IP mal formado, (2) una elevada cantidad de conexiones TCP, o (3) una elevada cantidad de conexiones de finalización TCP, cambien conocido como bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, y CSCty11338. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman •
CVE-2012-3074
https://notcve.org/view.php?id=CVE-2012-3074
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. Una API no especificado en dispositivos Cisco TelePresence Immersive Endpoint anterior a v1.9.1 permite a atacantes remotos ejecutar comandos arbitrarios mediante el envío de una solicitud mal formada al puerto TCP 61460, también conocido como error ID CSCtz38382. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-2486
https://notcve.org/view.php?id=CVE-2012-2486
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. La implementación del protocolo Cisco Discovery Protocol (CDP) en Cisco TelePresence Multipoint Switch anterior a v1.9.0, Cisco TelePresence Immersive Endpoint Devices anterior a v1.9.1, Cisco TelePresence Manager anterior a v1.9.0, y Cisco TelePresence Recording Server anterior a v1.8.1 permite a atacantes remotos ejecutar código arbitrario mediante el envío de paquetes CDP mal formados, también conocido como Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, y CSCtz40953. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman • CWE-94: Improper Control of Generation of Code ('Code Injection') •