Cisco Bug: CSCur05025 - Telepresence ISDN Link evaluation for CVE-2014-6271 and CVE-2014-7169

Last Modified

Jan 30, 2016

Products (1)

  • Cisco TelePresence ISDN Link

Known Affected Releases

1.1.2

Description (partial)

Symptom:
The Cisco TelePresence ISDN Link includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
Currently, the only known attack vector is DHCP.  

A specially crafted DHCP response could end up in the environment of a bash script on the
endpoint, allowing arbitrary code execution.

xConfiguration Network 1 Assignment: DHCP

Exposure is not configuration dependent (the default configuration is vulnerable).
Authentication is not required to exploit this vulnerability with DHCP. DHCP is not required for the correct operation of this product, as it uses IPv6 link-local addressing.
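
The DHCP vector described above can be screened for before option values reach a bash script. The following is an added example, not Cisco code: it flags values that begin like a bash function definition and builds an environment without them. The option names and the sample lease are constructed for illustration and are not taken from the product.

```python
import re

# Vulnerable bash imports any environment value that begins with "() {" as a
# function definition and keeps executing the text after the closing brace.
# The pattern tolerates extra whitespace so near-variants are flagged as well.
FUNC_PREFIX = re.compile(rb"^\s*\(\)\s*\{")


def flag_options(options):
    """Return the sorted names of options whose value looks like a function definition."""
    flagged = []
    for name, value in options.items():
        raw = value if isinstance(value, bytes) else str(value).encode("utf-8")
        if FUNC_PREFIX.match(raw):
            flagged.append(name)
    return sorted(flagged)


def safe_environment(options):
    """Build the environment for a hook script, dropping every flagged option."""
    bad = set(flag_options(options))
    return {k: v for k, v in options.items() if k not in bad}


# Constructed sample: option values as a DHCP client might export them to a
# hook script. The variable names are hypothetical.
SAMPLE_LEASE = {
    "new_ip_address": "192.0.2.10",
    "new_domain_name": "example.test",
    "new_host_name": "() { :; }; echo constructed-marker",
    "new_option_114": b"() {ignored;}; echo constructed-marker",
}

if __name__ == "__main__":
    print("flagged:", flag_options(SAMPLE_LEASE))
    print("passed on:", sorted(safe_environment(SAMPLE_LEASE)))
```

Filtering of this kind reduces exposure on hosts that cannot be patched immediately; it does not replace updating bash.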

Note: 
There is no web server in this product.

SSH/Telnet, if enabled, can trigger the bug, but you can only trigger commands
to be run as the user logging in (and only after authentication), so it
is not considered vulnerable.