Strix
26.1K

CVE-2014-0661

UnknownEPSS 2.30%

Last modified

CVE-2014-0661 is a vulnerability of currently unknown severity. The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.. EPSS estimates a 2.30% chance of exploitation in the next 30 days.

Description

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

Metrics

EPSS Probability
2.30%

81.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoTelepresence System Software<= 1.10.1\(43\)
CiscoTelepresence System Software1.5.10\(3648\)
CiscoTelepresence System Software1.7.5\(42\)
CiscoTelepresence System Software1.7.6\(4\)
CiscoTelepresence System Software1.8.0\(55\)
CiscoTelepresence System Software1.8.1\(34\)
CiscoTelepresence System Software1.8.2\(11\)
CiscoTelepresence System Software1.8.3\(4\)
CiscoTelepresence System Software1.8.4\(13\)
CiscoTelepresence System Software1.8.5\(4\)
CiscoTelepresence System Software1.9.0\(46\)
CiscoTelepresence System Software1.9.1\(68\)
CiscoTelepresence System Software1.9.2\(19\)
CiscoTelepresence System Software1.9.3\(44\)
CiscoTelepresence System Software1.9.4\(19\)
CiscoTelepresence System Software1.9.5\(7\)
CiscoTelepresence System Software1.9.6\(2\)
CiscoTelepresence System Software1.9.6.1\(3\)
CiscoTelepresence System Software1.10.0
CiscoTelepresence System Software1.10.0\(259\)
CiscoTelepresence System Software1.10.1
CiscoTelepresence System 1000All versions
CiscoTelepresence System 1300-65All versions
CiscoTelepresence System 3000All versions
CiscoTelepresence System 3010All versions
CiscoTelepresence System 3200All versions
CiscoTelepresence System 3210All versions
CiscoTelepresence System 500-37All versions
CiscoTelepresence System Software<= 6.0.3\(33\)
CiscoTelepresence System Software6.0.0.1\(4\)
CiscoTelepresence System Software6.0.1\(50\)
CiscoTelepresence System Software6.0.2\(28\)
CiscoTelepresence System Software6.1.0\(90\)
CiscoTelepresence System 1100All versions
CiscoTelepresence System 500-32All versions
CiscoTelepresence System Tx1300 47All versions
CiscoTelepresence System Tx1310 65All versions
CiscoTelepresence System Tx9000All versions
CiscoTelepresence System Tx9200All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-0661?
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
How severe is CVE-2014-0661?
Severity scoring for CVE-2014-0661 is pending analysis. The EPSS model estimates a 2.30% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0661?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0661?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST