Vulnerabilities > CVE-2021-34716 - Improper Handling of Exceptional Conditions vulnerability in Cisco products

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-755

NVD

Published: 2021-08-18

Updated: 2023-11-07

Summary

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Telepresence Video Communication Server X8.6 Cisco Telepresence Video Communication Server X8.6.0 Cisco Telepresence Video Communication Server X8.6.1 Cisco Telepresence Video Communication Server X8.7 Cisco Telepresence Video Communication Server X8.7.0 Cisco Telepresence Video Communication Server X8.7.1 Cisco Telepresence Video Communication Server X8.7.2 Cisco Telepresence Video Communication Server X8.7.3 Cisco Telepresence Video Communication Server X8.8 Cisco Telepresence Video Communication Server X8.8.1 Cisco Telepresence Video Communication Server X8.8.2 Cisco Telepresence Video Communication Server X8.8.3 Cisco Telepresence Video Communication Server X8.9 Cisco Telepresence Video Communication Server X8.9.1 Cisco Telepresence Video Communication Server X8.9.2 Cisco Telepresence Video Communication Server X8.10 Cisco Telepresence Video Communication Server X8.10.1 Cisco Telepresence Video Communication Server X8.10.2 Cisco Telepresence Video Communication Server X8.10.3 Cisco Telepresence Video Communication Server X8.10.4 Cisco Telepresence Video Communication Server X8.11 Cisco Telepresence Video Communication Server X8.11.0 Cisco Telepresence Video Communication Server X8.11.4 Cisco Telepresence Video Communication Server X12.5 Cisco Telepresence Video Communication Server X12.5.0 Cisco Telepresence Video Communication Server X12.5.1 Cisco Telepresence Video Communication Server X12.5.2 Cisco Telepresence Video Communication Server X12.5.3 Cisco Telepresence Video Communication Server X12.5.4 Cisco Telepresence Video Communication Server X12.5.5 Cisco Telepresence Video Communication Server X12.5.6 Cisco Telepresence Video Communication Server X12.5.7 Cisco Telepresence Video Communication Server X12.5.8 Cisco Telepresence Video Communication Server X12.5.9 Cisco Telepresence Video Communication Server X12.6.0 Cisco Telepresence Video Communication Server X12.6.1 Cisco Telepresence Video Communication Server X12.6.2 Cisco Telepresence Video Communication Server X12.6.3 Cisco Telepresence Video Communication Server X12.6.4 Cisco Telepresence Video Communication Server X12.7.0 Cisco Telepresence Video Communication Server X12.7.1 Cisco Telepresence Video Communication Server X14.0.1 Cisco Telepresence Video Communication Server X14.0.2 Cisco Telepresence Video Communication Server X14.0.3 Cisco Expressway X8.6.0 Cisco Expressway X8.6.1 Cisco Expressway X8.7.0 Cisco Expressway X8.7.1 Cisco Expressway X8.7.2 Cisco Expressway X8.7.3 Cisco Expressway X8.8.0 Cisco Expressway X8.8.1 Cisco Expressway X8.8.2 Cisco Expressway X8.8.3 Cisco Expressway X8.9 Cisco Expressway X8.9.1 Cisco Expressway X8.9.2 Cisco Expressway X8.10 Cisco Expressway X8.10.1 Cisco Expressway X8.10.2 Cisco Expressway X8.10.3 Cisco Expressway X8.10.4 Cisco Expressway X8.11 Cisco Expressway X8.11.4 Cisco Expressway X12.5 Cisco Expressway X12.5.1 Cisco Expressway X12.5.2 Cisco Expressway X12.5.3 Cisco Expressway X12.6.3	74

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh