Details of VAR-201405-0491

ID

VAR-201405-0491

CVE

CVE-2014-2172

TITLE

Cisco TelePresence TC Software and TE Software buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002373

DESCRIPTION

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693. Cisco TelePresence TC Software and TE The software contains a buffer overflow vulnerability. Vendors have confirmed this vulnerability Bug ID CSCub67693 It is released as.For local executables by local users u-boot Authority may be obtained by using improper handling of compiler flags. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The vulnerability is caused by the program not properly handling the u-boot compiler flag inside the executable

Trust: 1.98

sources: NVD: CVE-2014-2172 // JVNDB: JVNDB-2014-002373 // BID: 67170 // VULHUB: VHN-70111

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence te software	scope:	eq	version:	6.0	Trust: 2.4
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.3	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.4	Trust: 1.6
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.7	Trust: 1.6
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.6	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.4	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.x	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.x	Trust: 0.8

sources: JVNDB: JVNDB-2014-002373 // CNNVD: CNNVD-201405-035 // NVD: CVE-2014-2172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2172
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2172
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201405-035
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70111
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2172
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70111
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70111 // JVNDB: JVNDB-2014-002373 // CNNVD: CNNVD-201405-035 // NVD: CVE-2014-2172

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-70111 // JVNDB: JVNDB-2014-002373 // NVD: CVE-2014-2172

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201405-035

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002373

PATCH

title:	cisco-sa-20140430-tcte	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte	Trust: 0.8
title:	33896	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33896	Trust: 0.8
title:	cisco-sa-20140430-tcte	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002373

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2172	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002373	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-035	Trust: 0.7
db:	CISCO	id:	20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE	Trust: 0.6
db:	BID	id:	67170	Trust: 0.3
db:	VULHUB	id:	VHN-70111	Trust: 0.1

sources: VULHUB: VHN-70111 // BID: 67170 // JVNDB: JVNDB-2014-002373 // CNNVD: CNNVD-201405-035 // NVD: CVE-2014-2172

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2172	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2172	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70111 // BID: 67170 // JVNDB: JVNDB-2014-002373 // CNNVD: CNNVD-201405-035 // NVD: CVE-2014-2172

CREDITS

Cisco

Trust: 0.3

sources: BID: 67170

SOURCES

db:	VULHUB	id:	VHN-70111
db:	BID	id:	67170
db:	JVNDB	id:	JVNDB-2014-002373
db:	CNNVD	id:	CNNVD-201405-035
db:	NVD	id:	CVE-2014-2172

LAST UPDATE DATE

2025-04-13T23:05:07.066000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70111	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-05-09T00:42:00
db:	JVNDB	id:	JVNDB-2014-002373	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-035	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2172	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70111	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-002373	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-035	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2172	date:	2014-05-02T10:55:08.383