CVE-2011-0384

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Multipoint Switch Software; Telepresence Multipoint Switch
Vendor: CVE Published:; 25 February 2011

Summary

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

References

http://www.securityfocus.com/bid/46520

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/65620

vdb-entryx_refsource_XF

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011