Vulnerability Description
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence System Software | <= 1.7.2\(4937\) |
| Cisco | Telepresence System 1300 65 | All versions |
| Cisco | Telepresence System 3000 | All versions |
| Cisco | Telepresence System 3010 | All versions |
| Cisco | Telepresence System 3200 | All versions |
| Cisco | Telepresence System 3210 | All versions |
| Cisco | Telepresence System T3 | All versions |
| Cisco | Telepresence System Tx1300 47 | All versions |
| Cisco | Telepresence System Tx1310 65 | All versions |
| Cisco | Telepresence System Tx9000 | All versions |
| Cisco | Telepresence System Tx9200 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
FAQ
What is CVE-2012-3075?
CVE-2012-3075 is a vulnerability with a CVSS score of 9.0 (HIGH). The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, ...
How severe is CVE-2012-3075?
CVE-2012-3075 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3075?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence System Software, Cisco Telepresence System 1300 65, Cisco Telepresence System 3000, Cisco Telepresence System 3010, Cisco Telepresence System 3200.