=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN022
_____________________________________________________________________

DATE                : 23/01/2014

HARDWARE PLATFORM(S): Cisco TelePresence System.

OPERATING SYSTEM(S): Cisco TelePresence System Software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
______________________________________________________________________

Cisco Security Advisory: Cisco TelePresence System Software Command
Execution Vulnerability

Advisory ID: cisco-sa-20140122-cts

Revision 1.0

For Public Release 2014 January 22 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence System Software contains a vulnerability in the
System Status Collection Daemon (SSCD) code that could allow an
unauthenticated, adjacent attacker to execute arbitrary commands with
the privileges of the root user.

Cisco has released free software updates that address this
vulnerability. No workarounds that mitigate this vulnerability are
available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================