CVE-2015-0713

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Advanced Media Gateway Series Software versions 1.1(1.40) and earlier Cisco TelePresence IP Gateway Series Software (affected versions not specified) Cisco TelePresence IP VCR Series Software versions 3.0(1.27) and earlier Cisco TelePresence ISDN Gateway Software versions 2.2(1.94) and earlier Cisco TelePresence MCU Software versions prior to 4.4(3.54) and 4.5(1.45) Cisco TelePresence MSE Supervisor Software versions 2.3(1.38) and earlier Cisco TelePresence Serial Gateway Series Software versions 1.0(1.42) and earlier Cisco TelePresence Server Software for Hardware versions 3.1(1.98) and earlier Cisco TelePresence Server Software for Virtual Machine versions 4.1(1.79) and earlier

Description The web framework in the affected software allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. This issue is related to insufficient access control to files, which can be exploited by a remote attacker to execute arbitrary code with root privileges.

Recommendations For Cisco TelePresence Advanced Media Gateway Series Software version 1.1(1.40) and earlier, update to version 1.1(1.40) or later. For Cisco TelePresence IP Gateway Series Software, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco TelePresence IP VCR Series Software versions 3.0(1.27) and earlier, update to version 3.0(1.27) or later. For Cisco TelePresence ISDN Gateway Software versions 2.2(1.94) and earlier, update to version 2.2(1.94) or later. For Cisco TelePresence MCU Software versions prior to 4.4(3.54) and 4.5(1.45), update to version 4.4(3.54) or 4.5(1.45) or later. For Cisco TelePresence MSE Supervisor Software versions 2.3(1.38) and earlier, update to version 2.3(1.38) or later. For Cisco TelePresence Serial Gateway Series Software versions 1.0(1.42) and earlier, update to version 1.0(1.42) or later. For Cisco TelePresence Server Software for Hardware versions 3.1(1.98) and earlier, update to version 3.1(1.98) or later. For Cisco TelePresence Server Software for Virtual Machine versions 4.1(1.79) and earlier, update to version 4.1(1.79) or later.