Details of VAR-201405-0489

ID

VAR-201405-0489

CVE

CVE-2014-2170

TITLE

Cisco TelePresence TC Software and TE Software arbitrary command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002371

DESCRIPTION

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202. Vendors have confirmed this vulnerability Bug ID CSCue60202 It is released as.By a remotely authenticated user tshell ( alias tcsh) An arbitrary command may be executed by using a command as an argument of the script. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2014-2170 // JVNDB: JVNDB-2014-002371 // BID: 67170 // VULHUB: VHN-70109

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence te software	scope:	eq	version:	6.0	Trust: 1.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.4	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.4	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.6	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.4	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	6.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.7	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	6.0.1	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	lt	version:	5.x	Trust: 0.8

sources: JVNDB: JVNDB-2014-002371 // CNNVD: CNNVD-201405-033 // NVD: CVE-2014-2170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2170
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2170
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-033
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70109
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2170
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70109
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70109 // JVNDB: JVNDB-2014-002371 // CNNVD: CNNVD-201405-033 // NVD: CVE-2014-2170

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-70109 // JVNDB: JVNDB-2014-002371 // NVD: CVE-2014-2170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-033

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201405-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002371

PATCH

title:	cisco-sa-20140430-tcte	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte	Trust: 0.8
title:	33894	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33894	Trust: 0.8
title:	cisco-sa-20140430-tcte	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002371

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2170	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002371	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-033	Trust: 0.7
db:	CISCO	id:	20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE	Trust: 0.6
db:	BID	id:	67170	Trust: 0.3
db:	VULHUB	id:	VHN-70109	Trust: 0.1

sources: VULHUB: VHN-70109 // BID: 67170 // JVNDB: JVNDB-2014-002371 // CNNVD: CNNVD-201405-033 // NVD: CVE-2014-2170

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2170	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2170	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70109 // BID: 67170 // JVNDB: JVNDB-2014-002371 // CNNVD: CNNVD-201405-033 // NVD: CVE-2014-2170

CREDITS

Cisco

Trust: 0.3

sources: BID: 67170

SOURCES

db:	VULHUB	id:	VHN-70109
db:	BID	id:	67170
db:	JVNDB	id:	JVNDB-2014-002371
db:	CNNVD	id:	CNNVD-201405-033
db:	NVD	id:	CVE-2014-2170

LAST UPDATE DATE

2025-04-13T23:05:07.037000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70109	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-05-09T00:42:00
db:	JVNDB	id:	JVNDB-2014-002371	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-033	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2170	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70109	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-002371	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-033	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2170	date:	2014-05-02T10:55:08.337