Lucene search

CiscoCVE-2011-0380

HistoryFeb 25, 2011 - 12:00 p.m.

CVE-2011-0380

2011-02-2512:00:18

CWE-287

cisco

web.nvd.nist.gov

cisco

telepresence

manager

authentication bypass

remote attackers

soap request

bug id

csctc59562

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

81.9%

JSON

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.

Affected configurations

Nvd

Node

ciscotelepresence_managerMatch1.2.0.0

ciscotelepresence_managerMatch1.3.2

ciscotelepresence_managerMatch1.4.0

ciscotelepresence_managerMatch1.5.1

ciscotelepresence_managerMatch1.5.2

ciscotelepresence_managerMatch1.6.0

ciscotelepresence_managerMatch1.6.2

ciscotelepresence_managerMatch1.6.3

ciscotelepresence_managerMatch1.6.5

VendorProductVersionCPE
ciscotelepresence_manager1.2.0.0cpe:2.3:a:cisco:telepresence_manager:1.2.0.0:*:*:*:*:*:*:*
ciscotelepresence_manager1.3.2cpe:2.3:a:cisco:telepresence_manager:1.3.2:*:*:*:*:*:*:*
ciscotelepresence_manager1.4.0cpe:2.3:a:cisco:telepresence_manager:1.4.0:*:*:*:*:*:*:*
ciscotelepresence_manager1.5.1cpe:2.3:a:cisco:telepresence_manager:1.5.1:*:*:*:*:*:*:*
ciscotelepresence_manager1.5.2cpe:2.3:a:cisco:telepresence_manager:1.5.2:*:*:*:*:*:*:*
ciscotelepresence_manager1.6.0cpe:2.3:a:cisco:telepresence_manager:1.6.0:*:*:*:*:*:*:*
ciscotelepresence_manager1.6.2cpe:2.3:a:cisco:telepresence_manager:1.6.2:*:*:*:*:*:*:*
ciscotelepresence_manager1.6.3cpe:2.3:a:cisco:telepresence_manager:1.6.3:*:*:*:*:*:*:*
ciscotelepresence_manager1.6.5cpe:2.3:a:cisco:telepresence_manager:1.6.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_manager	1.2.0.0	cpe:2.3:a:cisco:telepresence_manager:1.2.0.0:::::::*
cisco	telepresence_manager	1.3.2	cpe:2.3:a:cisco:telepresence_manager:1.3.2:::::::*
cisco	telepresence_manager	1.4.0	cpe:2.3:a:cisco:telepresence_manager:1.4.0:::::::*
cisco	telepresence_manager	1.5.1	cpe:2.3:a:cisco:telepresence_manager:1.5.1:::::::*
cisco	telepresence_manager	1.5.2	cpe:2.3:a:cisco:telepresence_manager:1.5.2:::::::*
cisco	telepresence_manager	1.6.0	cpe:2.3:a:cisco:telepresence_manager:1.6.0:::::::*
cisco	telepresence_manager	1.6.2	cpe:2.3:a:cisco:telepresence_manager:1.6.2:::::::*
cisco	telepresence_manager	1.6.3	cpe:2.3:a:cisco:telepresence_manager:1.6.3:::::::*
cisco	telepresence_manager	1.6.5	cpe:2.3:a:cisco:telepresence_manager:1.6.5:::::::*

References

www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml

www.securityfocus.com/bid/46526

www.securitytracker.com/id?1025111

exchange.xforce.ibmcloud.com/vulnerabilities/65618

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

81.9%

JSON

Related for CVE-2011-0380