MEDIUM✓ PATCH🇬🇧 English

CVE-2021-34716

CVSS 6.7v3.1pub. 2021-08-18upd. 2024-11-21

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
  • Cisco Expressway

    APP
    Cisco
    x8.6.0 – x14.1 (bez)
  • Cisco Telepresence Video Communication Server

    APP
    Cisco
    x8.6 – x14.0.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-20252CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway Series i TelePresence VCS — nieautoryzowane działania

CVE-2024-20254CRITICAL9.6PL ✓ten sam produkt

CSRF w Cisco Expressway i TelePresence VCS umożliwiający zdalne działania

CVE-2023-20192CRITICAL9.6ten sam produkt

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) co...

CVE-2023-20105CRITICAL9.6ten sam produkt

A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video C...

CVE-2022-20813CRITICAL9.0ten sam produkt

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and C...