Lucene search

CiscoCVE-2011-0383

HistoryFeb 25, 2011 - 12:00 p.m.

CVE-2011-0383

2011-02-2512:00:18

CWE-287

cisco

web.nvd.nist.gov

cve-2011-0383

cisco

telepresence

recording

server

ctms

remote attackers

arbitrary code

crafted requests

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.105

Percentile

95.0%

JSON

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

Affected configurations

Nvd

Node

ciscotelepresence_recording_server_softwareMatch1.6.1

AND

ciscotelepresence_recording_server

Node

ciscotelepresence_multipoint_switch_softwareMatch1.0.4.0

ciscotelepresence_multipoint_switch_softwareMatch1.1.0

ciscotelepresence_multipoint_switch_softwareMatch1.1.1

ciscotelepresence_multipoint_switch_softwareMatch1.1.2

ciscotelepresence_multipoint_switch_softwareMatch1.5.0

ciscotelepresence_multipoint_switch_softwareMatch1.5.1

ciscotelepresence_multipoint_switch_softwareMatch1.5.2

ciscotelepresence_multipoint_switch_softwareMatch1.5.3

ciscotelepresence_multipoint_switch_softwareMatch1.5.4

ciscotelepresence_multipoint_switch_softwareMatch1.5.5

ciscotelepresence_multipoint_switch_softwareMatch1.5.6

ciscotelepresence_multipoint_switch_softwareMatch1.6.0

ciscotelepresence_multipoint_switch_softwareMatch1.6.1

ciscotelepresence_multipoint_switch_softwareMatch1.6.2

ciscotelepresence_multipoint_switch_softwareMatch1.6.3

ciscotelepresence_multipoint_switch_softwareMatch1.6.4

AND

ciscotelepresence_multipoint_switch

VendorProductVersionCPE
ciscotelepresence_recording_server_software1.6.1cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*
ciscotelepresence_recording_server*cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.0.4.0cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.1.0cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.1.1cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.1.2cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.5.0cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.5.1cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.5.2cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switch_software1.5.3cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_recording_server_software	1.6.1	cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:::::::*
cisco	telepresence_recording_server	*	cpe:2.3:h:cisco:telepresence_recording_server::::::::
cisco	telepresence_multipoint_switch_software	1.0.4.0	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:::::::*
cisco	telepresence_multipoint_switch_software	1.1.0	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:::::::*
cisco	telepresence_multipoint_switch_software	1.1.1	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:::::::*
cisco	telepresence_multipoint_switch_software	1.1.2	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:::::::*
cisco	telepresence_multipoint_switch_software	1.5.0	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:::::::*
cisco	telepresence_multipoint_switch_software	1.5.1	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:::::::*
cisco	telepresence_multipoint_switch_software	1.5.2	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:::::::*
cisco	telepresence_multipoint_switch_software	1.5.3	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:::::::*

Rows per page:

1-10 of 191

References

www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml

www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml

www.securityfocus.com/bid/46519

www.securitytracker.com/id?1025113

www.securitytracker.com/id?1025114

exchange.xforce.ibmcloud.com/vulnerabilities/65602

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.105

Percentile

95.0%

JSON

Related for CVE-2011-0383