CVE-2016-6459
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
19/11/2016
Last modified:
12/04/2025
Description
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/94075
- http://www.securitytracker.com/id/1037187
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
- http://www.securityfocus.com/bid/94075
- http://www.securitytracker.com/id/1037187
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp