Home

CVE-2012-2486

Description

The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.028

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch For Cisco TelePresence ManagerNCM
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch For Cisco TelePresence Multipoint SwitchNCM
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch For Cisco TelePresence Recording ServerNCM
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch For Cisco TelePresence System 3000 SeriesNCM
Improper Control of Generation of Code (Code Injection) Vulnerability (CVE-2012-2486)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705376Security Update for Cisco TelePresence Manager 1.9.0(186)
PATCH-1702381Security Update for Cisco TelePresence Multipoint Switch 10.0(2)
PATCH-1702392Security Update for Cisco TelePresence Recording Server 10.0(2)
PATCH-1705615Security Update for Cisco TelePresence System 3000 Series 1.9.10:5

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234