cbcvebase.
CVE-2011-0382
published 2011-02-25

CVE-2011-0382: The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a…

PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
4.19%
89.7th percentile
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscotelepresence_recording_server
ciscotelepresence_recording_server_software

Detection & IOCsextracted from sources · hover to see the quote

portTCP/443
  • Monitor for unexpected command execution originating from CGI subsystem requests on TCP port 443 on Cisco TelePresence Recording Server devices running software version 1.6.x before 1.6.2.
  • Correlate findings against Cisco Bug IDs CSCtf42008, CSCtf42005, CSCth61065, CSCth85786, CSCtd75754 for related vulnerabilities on the same platform (CWE-264, CWE-287, CWE-399).
  • ·Vulnerability is specific to Cisco TelePresence Recording Server software versions 1.6.x prior to 1.6.2. Devices running 1.6.2 or later are not affected by this specific command injection issue.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.