Cisco Bug: CSCur05025 - Telepresence ISDN Link evaluation for CVE-2014-6271 and CVE-2014-7169
Jan 30, 2016
- Cisco TelePresence ISDN Link
Known Affected Releases
Symptom:
The Cisco TelePresence ISDN Link includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
Currently, the only known attack vector is DHCP. A specially crafted DHCP response could end up in the environment of a bash script on the endpoint, allowing arbitrary code execution.

xConfiguration Network 1 Assignment: DHCP

Exposure is not configuration dependent (the default configuration is vulnerable).
Authentication is not required to exploit this vulnerability with DHCP.
DHCP is not required for the correct operation of this product, as it uses IPv6 link-local addressing.

Note: There is no web server in this product. SSH/Telnet, if enabled, can trigger the bug, but commands can only be run as the user logging in (and only after authentication), so it is not considered vulnerable.
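A detection sketch for the DHCP vector described under Conditions, added here as an example and not taken from Cisco: it walks the code/length/value options of a DHCP reply and flags any value containing the `() {` prefix that affected bash versions treat as a function definition when it arrives in the environment. The function names, the sample packets and the choice of option 224 are assumptions made for illustration.

```python
# Added example: flag DHCP options whose value carries a bash
# function-definition prefix. All sample bytes below are constructed.
FUNC_PREFIX = b"() {"   # prefix affected bash parses as an exported function
PAD, END = 0, 255       # single-byte options defined in RFC 2132

def parse_options(raw: bytes):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            return
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code} truncated: no length byte")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated: expected {length} bytes")
        yield code, value
        i += 2 + length

def suspicious_options(raw: bytes):
    """Return codes of options whose value contains the prefix anywhere.

    Matching anywhere in the value (not only at the start) is deliberately
    conservative, since a client script may prepend or join strings.
    """
    return [code for code, value in parse_options(raw) if FUNC_PREFIX in value]

def _opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value (helper for the samples)."""
    return bytes([code, len(value)]) + value

# Constructed samples. BENIGN: message type (53) and domain name (15).
# CRAFTED: option 224 (arbitrary choice) with an inert placeholder body.
BENIGN = _opt(53, b"\x05") + _opt(15, b"example.test") + bytes([END])
CRAFTED = (_opt(53, b"\x05") + bytes([PAD])
           + _opt(224, b"() { :;}; PLACEHOLDER") + bytes([END]))

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(name, suspicious_options(pkt))
```

The same check can be applied to string options in a packet capture of DHCP traffic on the segment the endpoint is attached to.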