Cisco TelePresence TC/TE software Authentication Bypass Vulnerability (CVE-2014-2174)
Cisco TelePresence TC/TE software Authentication Bypass Vulnerability (CVE-2014-2174)
Release date:
Updated on:
Affected Systems:
Cisco TelePresence TC Software <7.1
Description:
Bugtraq id: 74639
CVE (CAN) ID: CVE-2014-2174
Cisco TelePresence is a Cisco TelePresence solution that provides ultra-high-definition video images (1080 p) in real size, CD-quality audio, specially designed environments, and interactive components, this provides a "face-to-face" meeting experience for remote participants.
In versions earlier than Cisco TelePresence T/TC/TE 7.1, access control is not implemented correctly, allowing remote attackers to obtain root privileges.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20150513-tc) and patches for this:
Cisco-sa-20150513-tc: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
This article permanently updates the link address: