Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities

Cisco Unified Videoconferencing is prone to multiple remote command-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An administrator who is authenticated to the web interface of a Cisco UVC product can exploit these issues to execute arbitrary commands with root-level privileges on the Linux operating system.

These issues are being tracked by Cisco bug ID CSCti54059.

NOTE: These issues were previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but have been given their own record for better documentation.


Privacy Statement
Copyright 2010, SecurityFocus