CVE-2012-2486

The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.

CVSS v2.0 8.3 HIGH

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:telepresence_multipoint_switch_software::::::::
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0\(21\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0\(254\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1\(30\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2\(6\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0\(222\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2\(21\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3.12:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4\(4\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5\(1\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6\(1\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0\(108\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2\(3\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4\(3\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.7.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.7.0.1\(5\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.7.1\(15\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.7.2\(75\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.7.3\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.8.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.8.0\(1026\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.8.1\(1041\):::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.8.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.8.2\(2\):::::::*

cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:cisco:telepresence_system_software::::::::
	cpe:2.3:a:cisco:telepresence_system_software:1.2.3\(1101\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.3.2\(1393\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.4.7\(2229\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.1\(2082\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.3\(2115\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.11\(3659\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.12\(3701\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.5.13\(3717\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.0\(3954\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.2\(4023\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.3\(4042\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.4\(4072\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.5\(4097\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.6\(4109\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.7\(4212\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.6.8\(4222\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\(4764\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\(4719\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.1\(4864\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.2\(4937\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.4\(270\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:1.9.0\(46\):::::::*
	cpe:2.3:a:cisco:telepresence_system_software:4.0.0:::::::*

OR	cpe:2.3:h:cisco:telepresence_system_1300_65::::::::
	cpe:2.3:h:cisco:telepresence_system_3000::::::::
	cpe:2.3:h:cisco:telepresence_system_3010::::::::
	cpe:2.3:h:cisco:telepresence_system_3200::::::::
	cpe:2.3:h:cisco:telepresence_system_3210::::::::
	cpe:2.3:h:cisco:telepresence_system_t3::::::::
	cpe:2.3:h:cisco:telepresence_system_t3:::custom:::::*
	cpe:2.3:h:cisco:telepresence_system_tx1300_47::::::::
	cpe:2.3:h:cisco:telepresence_system_tx1310_65::::::::
	cpe:2.3:h:cisco:telepresence_system_tx9000::::::::
	cpe:2.3:h:cisco:telepresence_system_tx9200::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:telepresence_manager::::::::
	cpe:2.3:a:cisco:telepresence_manager:1.1.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.1.0.0\(209\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.2.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.2.0.0\(200\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.3.2\(466\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.4.0\(279\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.5.1\(420\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.5.2\(423\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.6.0\(220\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.6.2\(64\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.6.3\(113\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.6.5\(167\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.7.1\(732\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.7.2\(256\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.7.3.1:::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.7.4:::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.7.5\(62\):::::::*
	cpe:2.3:a:cisco:telepresence_manager:1.8.0\(582\):::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:cisco:telepresence_recording_server::::::::
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.1\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.2\(31\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.3\(4\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.0\(190\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.1\(22\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.2.1:::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.3\(3\):::::::*

History

No history.

Information

Published : 2012-07-12 10:34

Updated : 2024-02-28 12:00

NVD link : CVE-2012-2486

Mitre link : CVE-2012-2486

CVE.ORG link : CVE-2012-2486

JSON object : View

Products Affected

cisco

telepresence_system_tx1310_65
telepresence_system_3210
telepresence_system_1300_65
telepresence_system_tx1300_47
telepresence_manager
telepresence_recording_server
telepresence_system_tx9200
telepresence_system_software
telepresence_system_t3
telepresence_multipoint_switch_software
telepresence_system_3000
telepresence_system_3200
telepresence_multipoint_switch
telepresence_system_tx9000
telepresence_system_3010

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

8.3 /10