Java Servlet Framework Vulnerability in Cisco TelePresence Multipoint Switch
CVE-2011-0384

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Multipoint Switch Software; Telepresence Multipoint Switch
Vendor: CVE Published:; 25 February 2011

Summary

The Java Servlet framework in Cisco TelePresence Multipoint Switch devices presents a significant security risk, as it lacks proper administrative authentication for certain actions. This absence of authentication permits remote attackers to potentially execute arbitrary code on the system by sending specially crafted requests. The vulnerability affects multiple versions of the software, including 1.0.x, 1.1.x, 1.5.x, and 1.6.x, rendering these devices susceptible to unauthorized access and exploitation.

References

http://www.securityfocus.com/bid/46520

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/65620

vdb-entryx_refsource_XF

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Jan 7, 2011