CVE-2014-2170

Published: May 2, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.

Affected (26)

Products: Cisco: Telepresence Te Software, Telepresence Tc Software

Cisco

2 products

Telepresence Te Software

Telepresence Tc Software

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Te Software	Version 4.1.0
Cisco Telepresence Te Software	Version 4.1.1
Cisco Telepresence Te Software	Version 4.1.2
Cisco Telepresence Te Software	Version 4.1.3
Cisco Telepresence Te Software	Version 6.0

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Tc Software	Version 4.0.0
Cisco Telepresence Tc Software	Version 4.0.1
Cisco Telepresence Tc Software	Version 4.0.4
Cisco Telepresence Tc Software	Version 4.1.1
Cisco Telepresence Tc Software	Version 4.1.2
Cisco Telepresence Tc Software	Version 4.2.0
Cisco Telepresence Tc Software	Version 4.2.1
Cisco Telepresence Tc Software	Version 4.2.2
Cisco Telepresence Tc Software	Version 4.2.3
Cisco Telepresence Tc Software	Version 4.2.4
Cisco Telepresence Tc Software	Version 5.0.0
Cisco Telepresence Tc Software	Version 5.0.1
Cisco Telepresence Tc Software	Version 5.0.2
Cisco Telepresence Tc Software	Version 5.1.0
Cisco Telepresence Tc Software	Version 5.1.1
Cisco Telepresence Tc Software	Version 5.1.2
Cisco Telepresence Tc Software	Version 5.1.3
Cisco Telepresence Tc Software	Version 5.1.4
Cisco Telepresence Tc Software	Version 5.1.5
Cisco Telepresence Tc Software	Version 5.1.6
Cisco Telepresence Tc Software	Version 6.0.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.