CVE-2014-2169

Published: May 2, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.

Affected (31)

Products: Cisco: Telepresence Tc Software, Telepresence Te Software

Cisco

2 products

Telepresence Tc Software

Telepresence Te Software

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Tc Software	Version 4.0.0
Cisco Telepresence Tc Software	Version 4.0.1
Cisco Telepresence Tc Software	Version 4.0.4
Cisco Telepresence Tc Software	Version 4.1.1
Cisco Telepresence Tc Software	Version 4.1.2
Cisco Telepresence Tc Software	Version 4.2.0
Cisco Telepresence Tc Software	Version 4.2.1
Cisco Telepresence Tc Software	Version 4.2.2
Cisco Telepresence Tc Software	Version 4.2.3
Cisco Telepresence Tc Software	Version 4.2.4
Cisco Telepresence Tc Software	Version 5.0.0
Cisco Telepresence Tc Software	Version 5.0.1
Cisco Telepresence Tc Software	Version 5.0.2
Cisco Telepresence Tc Software	Version 5.1.0
Cisco Telepresence Tc Software	Version 5.1.1
Cisco Telepresence Tc Software	Version 5.1.2
Cisco Telepresence Tc Software	Version 5.1.3
Cisco Telepresence Tc Software	Version 5.1.4
Cisco Telepresence Tc Software	Version 5.1.5
Cisco Telepresence Tc Software	Version 5.1.6
Cisco Telepresence Tc Software	Version 5.1.7
Cisco Telepresence Tc Software	Version 6.0.0
Cisco Telepresence Tc Software	Version 6.0.1
Cisco Telepresence Tc Software	Version 6.1.0
Cisco Telepresence Tc Software	Version 6.1.1
Cisco Telepresence Tc Software	Version 6.1.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Te Software	Version 4.1.0
Cisco Telepresence Te Software	Version 4.1.1
Cisco Telepresence Te Software	Version 4.1.2
Cisco Telepresence Te Software	Version 4.1.3
Cisco Telepresence Te Software	Version 6.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.