CVE-2011-0385
published 2011-02-25CVE-2011-0385: The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices…
PriorityP357critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.23%
91.5th percentile
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_multipoint_switch | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in Cisco TelePresence Recording Server
vendor_cisco·2011-02-23·CVSS 10.0
CVE-2011-0382 [CRITICAL] CWE-264 Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple vulnerabilities exist within the Cisco TelePresence Recording
Server. This security advisory outlines details of the following
vulnerabilities:
Unauthenticated Java Servlet Access
Common Gateway Interface (CGI) Command Injection
Unauthenticated Arbitrary File Upload
XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
Cisco Discovery Protocol Remote Code Execution
Ad Hoc Recording Denial of Service
Java Remote method Invocation (RMI) Denial of Service
Unauthenticated XML-RPC Interface
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Unauthenticated Java Servlet Access vulnerability affects the Cisco
TelePresence Multipoint Switch and Recording Server. The defect that is r
Cisco
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
vendor_cisco
CVE-2011-0385 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
CVE-2011-0385: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. This security advisory outlines
CWE: CWE-264, CWE-399, CWE-264, CWE-399
Bug IDs: CSCtf42008, CSCtf42005, CSCth61065, CSCth85786, CSCtd75754
GHSA
GHSA-c7mf-3c4g-q9f2: The administrative web interface on Cisco TelePresence Recording Server devices with software 1
ghsa_unreviewed·2022-05-17
CVE-2011-0385 [HIGH] GHSA-c7mf-3c4g-q9f2: The administrative web interface on Cisco TelePresence Recording Server devices with software 1
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
No detection rules found.
No public exploits indexed.
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtmlhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtmlhttp://www.securitytracker.com/id?1025113http://www.securitytracker.com/id?1025114https://exchange.xforce.ibmcloud.com/vulnerabilities/65604http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtmlhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtmlhttp://www.securitytracker.com/id?1025113http://www.securitytracker.com/id?1025114https://exchange.xforce.ibmcloud.com/vulnerabilities/65604
2011-02-25
Published