CVE-2014-2170
Description
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.711
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities in Cisco TelePresence TC and TE Software For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in Cisco TelePresence TC and TE Software For Cisco IP Video Phone E20 | NCM |
| Improper Control of Generation of Code (Code Injection) Vulnerability (CVE-2014-2170) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1705541 | Security Update for Cisco IP Video Phone E20 6.1.0 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234