Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities
Cisco Unified Videoconferencing is prone to multiple remote command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An administrator who is authenticated to the web interface of a Cisco UVC product can exploit these issues to execute arbitrary commands with root-level privileges on the Linux operating system.
These issues are being tracked by Cisco bug ID CSCti54059.
NOTE: These issues were previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but have been given their own record for better documentation.