Command Injection Vulnerability in Cisco TelePresence Recording Server
CVE-2011-0382

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Recording Server Software; Telepresence Recording Server
Vendor: CVE Published:; 25 February 2011

Summary

A command injection vulnerability exists in the CGI subsystem of Cisco TelePresence Recording Server devices running software version 1.6.x prior to 1.6.2. This flaw allows remote attackers to execute arbitrary commands on the server by sending specially crafted requests to TCP port 443. Exploiting this vulnerability can lead to unauthorized access and control over the affected devices, posing a significant risk to the integrity and confidentiality of recorded material.

References

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1025114

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/46522

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011