Computer Security
[EN] securityvulns.ru no-pyccku


Cisco TelePresence security vulnerabilities
updated since 19.07.2013
Published:12.08.2013
Source:
SecurityVulns ID:13209
Type:remote
Threat Level:
7/10
Description:DoS, directory traversal, backdoor account.
CVE:CVE-2013-3454 (Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.)
 CVE-2013-3379 (The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781.)
 CVE-2013-3378 (Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557.)
 CVE-2013-3377 (Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.)
Files:Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
 Cisco TelePresence System Default Credentials Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod