CVE-2011-0383

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Recording Server Software; Telepresence Recording Server
Vendor: CVE Published:; 25 February 2011

Summary

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

References

http://www.securityfocus.com/bid/46519

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1025114

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011