Vulnerability Name:

CVE-2012-3074 (CCN-76854)

Assigned:2012-07-11
Published:2012-07-11
Updated:2018-10-30
Summary:An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
CVSS v3 Severity:9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:8.3 High (CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
8.3 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-78
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-3074

Source: CCN
Type: SA49879
Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities

Source: CCN
Type: cisco-sa-20120711-cts
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices

Source: CISCO
Type: Vendor Advisory
20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices

Source: CCN
Type: OSVDB ID: 83730
Cisco TelePresence Immersive Endpoint TelePresence API Malformed Request Parsing Remote Command Execution

Source: CCN
Type: BID-54389
Cisco TelePresence Immersive Endpoint Devices CVE-2012-3074 Remote Command Injection Vulnerability

Source: XF
Type: UNKNOWN
cisco-immersive-command-exec(76854)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:telepresence_system_software:1.2.3(1101):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.3.2(1393):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.4.7(2229):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.1(2082):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.3(2115):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.10(3648):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.11(3659):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.12(3701):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.13(3717):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.0(3954):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.2(4023):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.3(4042):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.4(4072):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.5(4097):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.6(4109):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.7(4212):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.8(4222):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.0.1(4764):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.0.2(4719):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.1(4864):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.2(4937):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.2.1(2):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.4(270):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.5(42):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.6(4):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.8.0(55):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.8.1(34):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.8.2(11):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.8.3(4):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.9.0(46):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:*:*:*:*:*:*:*:* (Version <= 1.9.0.1(3))
  • AND
  • cpe:/h:cisco:telepresence_system_1300_65:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3010:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3200:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3210:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_t3:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_t3:*:*:custom:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx1300_47:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx1310_65:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx9000:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx9200:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    cisco telepresence system software 1.2.3(1101)
    cisco telepresence system software 1.3.2(1393)
    cisco telepresence system software 1.4.7(2229)
    cisco telepresence system software 1.5.1(2082)
    cisco telepresence system software 1.5.3(2115)
    cisco telepresence system software 1.5.10(3648)
    cisco telepresence system software 1.5.11(3659)
    cisco telepresence system software 1.5.12(3701)
    cisco telepresence system software 1.5.13(3717)
    cisco telepresence system software 1.6.0(3954)
    cisco telepresence system software 1.6.2(4023)
    cisco telepresence system software 1.6.3(4042)
    cisco telepresence system software 1.6.4(4072)
    cisco telepresence system software 1.6.5(4097)
    cisco telepresence system software 1.6.6(4109)
    cisco telepresence system software 1.6.7(4212)
    cisco telepresence system software 1.6.8(4222)
    cisco telepresence system software 1.7.0.1(4764)
    cisco telepresence system software 1.7.0.2(4719)
    cisco telepresence system software 1.7.1(4864)
    cisco telepresence system software 1.7.2(4937)
    cisco telepresence system software 1.7.2.1(2)
    cisco telepresence system software 1.7.4(270)
    cisco telepresence system software 1.7.5(42)
    cisco telepresence system software 1.7.6(4)
    cisco telepresence system software 1.8.0(55)
    cisco telepresence system software 1.8.1(34)
    cisco telepresence system software 1.8.2(11)
    cisco telepresence system software 1.8.3(4)
    cisco telepresence system software 1.9.0(46)
    cisco telepresence system software *
    cisco telepresence system 1300 65 *
    cisco telepresence system 3000 *
    cisco telepresence system 3010 *
    cisco telepresence system 3200 *
    cisco telepresence system 3210 *
    cisco telepresence system t3 *
    cisco telepresence system t3 *
    cisco telepresence system tx1300 47 *
    cisco telepresence system tx1310 65 *
    cisco telepresence system tx9000 *
    cisco telepresence system tx9200 *