CVE-2011-0386
published 2011-02-25CVE-2011-0386: The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files…
PriorityP354critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
4.48%
90.3th percentile
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_recording_server | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rm9r-mxqr-25v7: The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1
ghsa_unreviewed·2022-05-17
CVE-2011-0386 [HIGH] CWE-94 GHSA-rm9r-mxqr-25v7: The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
Cisco
Multiple Vulnerabilities in Cisco TelePresence Recording Server
vendor_cisco·2011-02-23·CVSS 10.0
CVE-2011-0382 [CRITICAL] CWE-264 Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple vulnerabilities exist within the Cisco TelePresence Recording
Server. This security advisory outlines details of the following
vulnerabilities:
Unauthenticated Java Servlet Access
Common Gateway Interface (CGI) Command Injection
Unauthenticated Arbitrary File Upload
XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
Cisco Discovery Protocol Remote Code Execution
Ad Hoc Recording Denial of Service
Java Remote method Invocation (RMI) Denial of Service
Unauthenticated XML-RPC Interface
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Unauthenticated Java Servlet Access vulnerability affects the Cisco
TelePresence Multipoint Switch and Recording Server. The defect that is r
Cisco
Multiple Vulnerabilities in Cisco TelePresence Recording Server
vendor_cisco
CVE-2011-0386 Multiple Vulnerabilities in Cisco TelePresence Recording Server
CVE-2011-0386: Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. This security advisory outlines
CWE: CWE-264, CWE-287, CWE-399, CWE-264, CWE-287, CWE-399
Bug IDs: CSCtf42008, CSCtf42005, CSCth61065, CSCth85786, CSCtd75754
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtmlhttp://www.securityfocus.com/bid/46522http://www.securitytracker.com/id?1025114https://exchange.xforce.ibmcloud.com/vulnerabilities/65605http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtmlhttp://www.securityfocus.com/bid/46522http://www.securitytracker.com/id?1025114https://exchange.xforce.ibmcloud.com/vulnerabilities/65605
2011-02-25
Published