CVE-2011-0375

Description

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.

Affected products

• Cisco / telepresence_system_1000
• Cisco / telepresence_system_1100
• Cisco / telepresence_system_1300_series
• Cisco / telepresence_system_3000
• Cisco / telepresence_system_3200_series
• Cisco / telepresence_system_500_series
• Cisco / telepresence_system_software1.5.11 – 1.5.11
• Cisco / telepresence_system_software1.5.12 – 1.5.12
• Cisco / telepresence_system_software1.5.13 – 1.5.13
• Cisco / telepresence_system_software1.6.0 – 1.6.0
• Cisco / telepresence_system_software1.6.2 – 1.6.2
• Cisco / telepresence_system_software1.2.3 – 1.2.3
• Cisco / telepresence_system_software1.6.4 – 1.6.4
• Cisco / telepresence_system_software1.6.5 – 1.6.5
• Cisco / telepresence_system_software1.6.6 – 1.6.6
• Cisco / telepresence_system_software1.6.7 – 1.6.7
• Cisco / telepresence_system_software1.6.8 – 1.6.8
• Cisco / telepresence_system_software1.6.3 – 1.6.3
• Cisco / telepresence_system_software1.3.2 – 1.3.2
• Cisco / telepresence_system_software1.4.7 – 1.4.7
• Cisco / telepresence_system_software1.5.1 – 1.5.1
• Cisco / telepresence_system_software1.5.3 – 1.5.3
• Cisco / telepresence_system_software1.5.10 – 1.5.10

References

• MISChttp://www.securitytracker.com/id?1025112
• VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml