CVE-2012-3076

The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:telepresence_recording_server::::::::
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.1\(2\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.2\(31\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.6.3\(4\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.0\(190\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.1\(22\):::::::*
	cpe:2.3:a:cisco:telepresence_recording_server:1.7.2.1:::::::*

History

No history.

Information

Published : 2012-07-12 10:34

Updated : 2024-02-04 18:16

NVD link : CVE-2012-3076

Mitre link : CVE-2012-3076

CVE.ORG link : CVE-2012-3076

JSON object : View

Products Affected

cisco

telepresence_recording_server

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2012-3076", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-12T10:34:42.427", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804."}, {"lang": "es", "value": "La interfaz web de administraci\u00f3n en Cisco TelePresence Recording Server anterior a v1.8.0 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCth85804."}], "lastModified": "2012-07-12T10:34:42.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C6C831E-2E44-4B93-8406-5FF6CF2E23F4", "versionEndIncluding": "1.7.3\\(3\\)"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.6.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BBF5E51-247F-4574-8A32-23DB07ED6E8F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.6.2\\(31\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FCFA18B-3AE2-44F0-9C6F-4DE0839AA74B"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.6.3\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B175720C-9E5F-460D-9111-A22FBF035A82"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.7.0\\(190\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21E362D5-C7AF-443C-B3D3-43D97F04E25F"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.7.1\\(22\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E599CC38-9431-4E7F-ADDF-524042C83DA9"}, {"criteria": "cpe:2.3:a:cisco:telepresence_recording_server:1.7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D042A24-4621-4D8A-AFF5-219300ED4DC6"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}