CVE-2011-0378

Description

The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.

Affected products

• Cisco / telepresence_system_1000
• Cisco / telepresence_system_1100
• Cisco / telepresence_system_1300_series
• Cisco / telepresence_system_3000
• Cisco / telepresence_system_3200_series
• Cisco / telepresence_system_500_series
• Cisco / telepresence_system_software1.5.11 – 1.5.11
• Cisco / telepresence_system_software1.2.3 – 1.2.3
• Cisco / telepresence_system_software1.5.13 – 1.5.13
• Cisco / telepresence_system_software1.5.12 – 1.5.12
• Cisco / telepresence_system_software1.3.2 – 1.3.2
• Cisco / telepresence_system_software1.4.7 – 1.4.7
• Cisco / telepresence_system_software1.5.1 – 1.5.1
• Cisco / telepresence_system_software1.5.3 – 1.5.3
• Cisco / telepresence_system_software1.5.10 – 1.5.10

References

• MISChttp://www.securitytracker.com/id?1025112
• VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml