Vulnerability Description
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence System Software | <= 1.9.0.1\(3\) |
| Cisco | Telepresence System 1300 65 | All versions |
| Cisco | Telepresence System 3000 | All versions |
| Cisco | Telepresence System 3010 | All versions |
| Cisco | Telepresence System 3200 | All versions |
| Cisco | Telepresence System 3210 | All versions |
| Cisco | Telepresence System T3 | All versions |
| Cisco | Telepresence System Tx1300 47 | All versions |
| Cisco | Telepresence System Tx1310 65 | All versions |
| Cisco | Telepresence System Tx9000 | All versions |
| Cisco | Telepresence System Tx9200 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
FAQ
What is CVE-2012-3074?
CVE-2012-3074 is a vulnerability with a CVSS score of 8.3 (HIGH). An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request o...
How severe is CVE-2012-3074?
CVE-2012-3074 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3074?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence System Software, Cisco Telepresence System 1300 65, Cisco Telepresence System 3000, Cisco Telepresence System 3010, Cisco Telepresence System 3200.