CVE-2014-0661

Severity CVSS v4.0:

Pending analysis

Type:

CWE-94 Code Injection

Publication date:

22/01/2014

Last modified:

11/04/2025

Description

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

Impact

Vector 2.0

AV:A/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 8.30 HIGH
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

8.30

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:cisco:telepresence_system_software::::::::		1.10.1\(43\) (including)
cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.4\(13\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.5\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.0\(46\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.1\(68\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.2\(19\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.3\(44\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.4\(19\):::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:cisco:telepresence_system_software::::::::		1.10.1\(43\) (including)
cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.4\(13\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.8.5\(4\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.0\(46\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.1\(68\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.2\(19\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.3\(44\):::::::*
cpe:2.3:a:cisco:telepresence_system_software:1.9.4\(19\):::::::*

CVE-2014-0661

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools