CVE-2014-0661
Cisco TelePresence System Software < 1.10.2(42) and < 6.0.4(11) - Remote Code Execution via XML-RPC Message
Title source: llmDescription
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102362
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65071
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56533
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029656
Scores
EPSS
0.0230
EPSS Percentile
81.2%
Details
CWE
CWE-94
Status
published
Products (38)
cisco/telepresence_system_1000
cisco/telepresence_system_1100
cisco/telepresence_system_1300-65
cisco/telepresence_system_3000
cisco/telepresence_system_3010
cisco/telepresence_system_3200
cisco/telepresence_system_3210
cisco/telepresence_system_500-32
cisco/telepresence_system_500-37
cisco/telepresence_system_software
1.5.10\(3648\)
... and 28 more
Published
Jan 22, 2014
Tracked Since
Feb 18, 2026