Details of VAR-201405-0492

ID

VAR-201405-0492

CVE

CVE-2014-2173

TITLE

Cisco TelePresence TC Software and TE Vulnerability gained privilege in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-002374

DESCRIPTION

Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. Vendors have confirmed this vulnerability Bug ID CSCub67692 It is released as.A local user could gain privileges via an unspecified command. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible. These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2014-2173 // JVNDB: JVNDB-2014-002374 // BID: 67170 // VULHUB: VHN-70112

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence te software	scope:	eq	version:	6.0	Trust: 1.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.4	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.0.4	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.6	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.7	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.1.4	Trust: 1.0
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	telepresence	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	5.x	Trust: 0.8
vendor:	cisco	model:	telepresence te software	scope:	eq	version:	4.x	Trust: 0.8

sources: JVNDB: JVNDB-2014-002374 // CNNVD: CNNVD-201405-036 // NVD: CVE-2014-2173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2173
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2173
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-036
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70112
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2173
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70112
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70112 // JVNDB: JVNDB-2014-002374 // CNNVD: CNNVD-201405-036 // NVD: CVE-2014-2173

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-70112 // JVNDB: JVNDB-2014-002374 // NVD: CVE-2014-2173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201405-036

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201405-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002374

PATCH

title:	cisco-sa-20140430-tcte	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte	Trust: 0.8
title:	33897	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33897	Trust: 0.8
title:	cisco-sa-20140430-tcte	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122529_cisco-sa-20140430-tcte-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002374

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2173	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002374	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-036	Trust: 0.7
db:	CISCO	id:	20140430 MULTIPLE VULNERABILITIES IN CISCO TELEPRESENCE TC AND TE SOFTWARE	Trust: 0.6
db:	BID	id:	67170	Trust: 0.3
db:	VULHUB	id:	VHN-70112	Trust: 0.1

sources: VULHUB: VHN-70112 // BID: 67170 // JVNDB: JVNDB-2014-002374 // CNNVD: CNNVD-201405-036 // NVD: CVE-2014-2173

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2173	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2173	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-70112 // BID: 67170 // JVNDB: JVNDB-2014-002374 // CNNVD: CNNVD-201405-036 // NVD: CVE-2014-2173

CREDITS

Cisco

Trust: 0.3

sources: BID: 67170

SOURCES

db:	VULHUB	id:	VHN-70112
db:	BID	id:	67170
db:	JVNDB	id:	JVNDB-2014-002374
db:	CNNVD	id:	CNNVD-201405-036
db:	NVD	id:	CVE-2014-2173

LAST UPDATE DATE

2025-04-13T23:05:06.888000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70112	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-05-09T00:42:00
db:	JVNDB	id:	JVNDB-2014-002374	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-036	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2173	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70112	date:	2014-05-02T00:00:00
db:	BID	id:	67170	date:	2014-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-002374	date:	2014-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201405-036	date:	2014-05-07T00:00:00
db:	NVD	id:	CVE-2014-2173	date:	2014-05-02T10:55:08.413