Vulnerability Name:

CVE-2012-3075 (CCN-76855)

Assigned:2012-07-11
Published:2012-07-11
Updated:2012-07-12
Summary:The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-78
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-3075

Source: CCN
Type: SA49879
Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities

Source: CCN
Type: cisco-sa-20120711-cts
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices

Source: CISCO
Type: Vendor Advisory
20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices

Source: CCN
Type: OSVDB ID: 83737
Cisco TelePresence Immersive Endpoint TelepPresence Admin Web Interface Malformed Request Parsing Remote Command Execution

Source: CCN
Type: BID-54387
Cisco TelePresence Immersive Endpoint Devices Remote Command Injection Vulnerability

Source: XF
Type: UNKNOWN
cisco-interface-command-exec(76855)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:telepresence_system_software:1.2.3(1101):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.3.2(1393):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.4.7(2229):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.1(2082):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.3(2115):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.10(3648):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.11(3659):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.12(3701):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.5.13(3717):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.0(3954):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.2(4023):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.3(4042):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.4(4072):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.5(4097):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.6(4109):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.7(4212):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.6.8(4222):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.0.1(4764):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.0.2(4719):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:1.7.1(4864):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:telepresence_system_software:*:*:*:*:*:*:*:* (Version <= 1.7.2(4937))
  • OR cpe:/a:cisco:telepresence_system_software:1.7.2.1(2):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:telepresence_system_1300_65:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3010:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3200:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_3210:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_t3:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_t3:*:*:custom:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx1300_47:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx1310_65:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx9000:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:telepresence_system_tx9200:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco telepresence system software 1.2.3(1101)
    cisco telepresence system software 1.3.2(1393)
    cisco telepresence system software 1.4.7(2229)
    cisco telepresence system software 1.5.1(2082)
    cisco telepresence system software 1.5.3(2115)
    cisco telepresence system software 1.5.10(3648)
    cisco telepresence system software 1.5.11(3659)
    cisco telepresence system software 1.5.12(3701)
    cisco telepresence system software 1.5.13(3717)
    cisco telepresence system software 1.6.0(3954)
    cisco telepresence system software 1.6.2(4023)
    cisco telepresence system software 1.6.3(4042)
    cisco telepresence system software 1.6.4(4072)
    cisco telepresence system software 1.6.5(4097)
    cisco telepresence system software 1.6.6(4109)
    cisco telepresence system software 1.6.7(4212)
    cisco telepresence system software 1.6.8(4222)
    cisco telepresence system software 1.7.0.1(4764)
    cisco telepresence system software 1.7.0.2(4719)
    cisco telepresence system software 1.7.1(4864)
    cisco telepresence system software *
    cisco telepresence system software 1.7.2.1(2)
    cisco telepresence system 1300 65 *
    cisco telepresence system 3000 *
    cisco telepresence system 3010 *
    cisco telepresence system 3200 *
    cisco telepresence system 3210 *
    cisco telepresence system t3 *
    cisco telepresence system t3 *
    cisco telepresence system tx1300 47 *
    cisco telepresence system tx1310 65 *
    cisco telepresence system tx9000 *
    cisco telepresence system tx9200 *