8.3
CVE-2014-0661
- EPSS 4.04%
- Published 22.01.2014 21:55:03
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Telepresence System Software Version <= 1.10.1\(43\)
Cisco ≫ Telepresence System Software Version1.10.0
Cisco ≫ Telepresence System Software Version1.10.1
Cisco ≫ Telepresence System 1000 Version-
Cisco ≫ Telepresence System 1300-65 Version-
Cisco ≫ Telepresence System 500-37 Version-
Cisco ≫ Telepresence System Software Version <= 6.0.3\(33\)
Cisco ≫ Telepresence System 1100 Version-
Cisco ≫ Telepresence System 500-32 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.04% | 0.88 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.