A vulnerability in the
implementation of executable utilities that use the universal bootloader
(u-boot) compiler of Cisco TelePresence TC and TE Software could allow
an authenticated, local attacker to create a buffer overflow and
possibly execute arbitrary code on the affected system.
The vulnerability is due to the improper implementation of internal executable files
when the u-boot compiler flag is defined. An attacker could exploit
this vulnerability by accessing the affected system's command-line interface (CLI) and trying to run
the affected executable files.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
A successful exploit would require local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.