Privilege escalation in Cisco TelePresence Endpoints - CVE-2016-6459
Published: November 3, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU1141
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6459
CWE-ID: CWE-78
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco TelePresence Endpoints
Detailed vulnerability description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to an input validation error. By sending specially crafted parameter values, a local attacker can inject and execute shell commands, which may lead to disclosure of potentially sensitive information, including private keys.
Successful exploitation of the vulnerability results in privilege escalation.
How to mitigate CVE-2016-6459
Update to the fixed versions available from the vendor's website.