Java Servlet Security Flaw in Cisco TelePresence Recording Server and Multipoint Switch
CVE-2011-0383

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Recording Server Software; Telepresence Recording Server
Vendor: CVE Published:; 25 February 2011

Summary

The Java Servlet framework in Cisco TelePresence Recording Server and Multipoint Switch devices is prone to an authentication bypass vulnerability. This weakness allows remote attackers to execute arbitrary code by sending crafted requests, hence compromising the security of the affected systems. The vulnerability exists due to the lack of necessary administrative authentication for unspecified actions. It poses a significant risk to users who have not updated their software to the latest versions.

References

http://www.securityfocus.com/bid/46519

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1025114

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011