Cisco TelePresence application programming interfaces (APIs) that are hosted on Cisco TelePresence endpoint devices contain a vulnerability related to Cisco TelePresence Immersive Endpoint System that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted device.
The vulnerability is due to improper processing of malformed requests by the affected software. An unauthenticated, remote attacker on an adjacent network could exploit this vulnerability by sending malicious requests to the device. If successful, the attacker could execute arbitrary commands on the device with elevated privileges, possibly resulting in a complete compromise.
Cisco has confirmed the vulnerability in a security advisory and released software updates.