CVE-2014-2174

Current Description

Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.

Basic Data

PublishedMay 25, 2015
Last ModifiedMay 26, 2015
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-284
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorADJACENT_NETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score8.3
SeverityHIGH
Exploitability Score6.5
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoTelepresence Tc Software3.1.5*******
    2.3ApplicationCiscoTelepresence Tc Software3.1_base*******
    2.3ApplicationCiscoTelepresence Tc Software4.1.0*******
    2.3ApplicationCiscoTelepresence Tc Software4.1.1*******
    2.3ApplicationCiscoTelepresence Tc Software4.1.2*******
    2.3ApplicationCiscoTelepresence Tc Software4.1_base*******
    2.3ApplicationCiscoTelepresence Tc Software4.2.0*******
    2.3ApplicationCiscoTelepresence Tc Software4.2.1*******
    2.3ApplicationCiscoTelepresence Tc Software4.2.2*******
    2.3ApplicationCiscoTelepresence Tc Software4.2.3*******
    2.3ApplicationCiscoTelepresence Tc Software4.2.4*******
    2.3ApplicationCiscoTelepresence Tc Software4.2_base*******
    2.3ApplicationCiscoTelepresence Tc Software5.0.2*******
    2.3ApplicationCiscoTelepresence Tc Software5.0.2-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.0_base*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.3*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.3-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.4*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.4-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.5*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.5-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.6*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.6-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.7*******
    2.3ApplicationCiscoTelepresence Tc Software5.1.7-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software5.1_base*******
    2.3ApplicationCiscoTelepresence Tc Software6.0.0*******
    2.3ApplicationCiscoTelepresence Tc Software6.0.0-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software6.0.1*******
    2.3ApplicationCiscoTelepresence Tc Software6.0.1-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software6.0.2*******
    2.3ApplicationCiscoTelepresence Tc Software6.0_base*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.0*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.0-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.1*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.1-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.2*******
    2.3ApplicationCiscoTelepresence Tc Software6.1.2-cucm*******
    2.3ApplicationCiscoTelepresence Tc Software6.1_base*******
    2.3ApplicationCiscoTelepresence Tc Software6.3.0*******
    2.3ApplicationCiscoTelepresence Te Software6.0.0*******
    2.3ApplicationCiscoTelepresence Te Software6.0.1*******
    2.3ApplicationCiscoTelepresence Te Software6.0.2*******
    2.3ApplicationCiscoTelepresence Te Software6.0_base*******

Vulnerable Software List

VendorProductVersions
Cisco Telepresence Te Software 6.0.0, 6.0.1, 6.0.2, 6.0_base
Cisco Telepresence Tc Software 3.1.5, 3.1_base, 4.1.0, 4.1.1, 4.1.2, 4.1_base, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2_base, 5.0.2, 5.0.2-cucm, 5.0_base, 5.1.3, 5.1.3-cucm, 5.1.4, 5.1.4-cucm, 5.1.5, 5.1.5-cucm, 5.1.6, 5.1.6-cucm, 5.1.7, 5.1.7-cucm, 5.1_base, 6.0.0, 6.0.0-cucm, 6.0.1, 6.0.1-cucm, 6.0.2, 6.0_base, 6.1.0, 6.1.0-cucm, 6.1.1, 6.1.1-cucm, 6.1.2, 6.1.2-cucm, 6.1_base, 6.3.0

References

NameSourceURLTags
20150513 Multiple Vulnerabilities in Cisco TelePresence TC and TE Softwarehttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tcCISCOVendor Advisory