CVE-2011-0378

CWE-78 — OS Command Injection CWE-119 — Buffer Overflow CWE-200 — Information Exposure CWE-264 CWE-3994 documents4 sources

Severity

8.3HIGH

EPSS

1.9%

top 16.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence System Software

Timeline

PublishedFeb 25

Latest updateMay 17

Description

The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_system_software9 versions+8

🔴Vulnerability Details

GHSA

GHSA-hw6g-cw69-8qj2: The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1↗2022-05-17

▶

CVEList

CVE-2011-0378: The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1↗2011-02-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices↗2011-02-23

▶