CVE-2011-0388
Published 2011-02-25
Priority P339 · high · 7.8 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 2.60% (83.4th percentile)
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_multipoint_switch | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_multipoint_switch_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
CVSS provenance
nvd · v2.0 · 7.8 · HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_cisco · 8.0 · HIGH
Cisco
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
vendor_cisco·2011-02-23·CVSS 8.0
CVE-2011-0387 [HIGH] CWE-264 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Multiple vulnerabilities exist within the Cisco TelePresence Multipoint
Switch. This security advisory outlines details of the following
vulnerabilities:
Unauthenticated Java Servlet Access
Unauthenticated Arbitrary File Upload
Cisco Discovery Protocol Remote Code Execution
Unauthorized Servlet Access
Java RMI Denial of Service
Real-Time Transport Control Protocol Denial of Service
XML-Remote Procedure Call (RPC) Denial of Service
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Unauthenticated Java Servlet Access vulnerability affects the Cisco
TelePresence Multipoint Switch and Recording Server. The defect as related to
each component is covered in each associated advisory. The Cisco bug
Cisco
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
vendor_cisco
CVE-2011-0388 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. This security advisory outlines
CWE: CWE-264, CWE-399
Bug IDs: CSCtf42008, CSCtf42005, CSCth61065, CSCth85786, CSCtd75754
GHSA
GHSA-gm8g-8hpq-cm8m: Cisco TelePresence Recording Server devices with software 1
ghsa_unreviewed·2022-05-17
CVE-2011-0388 [HIGH] GHSA-gm8g-8hpq-cm8m: Cisco TelePresence Recording Server devices with software 1
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
http://www.securityfocus.com/bid/46523
http://www.securitytracker.com/id?1025113
http://www.securitytracker.com/id?1025114
Published: 2011-02-25