CVE-2011-0392
Published 2011-02-25
CVE-2011-0392: Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to…
Priority: P344 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.39% (81.8th percentile)
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | telepresence_recording_server | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
| cisco | telepresence_recording_server_software | — | — |
CVSS provenance
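| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 10.0 | CRITICAL | — |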
Cisco
Multiple Vulnerabilities in Cisco TelePresence Recording Server
vendor_cisco·2011-02-23·CVSS 10.0
CVE-2011-0382 [CRITICAL] CWE-264 Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. This security advisory outlines details of the following vulnerabilities:
- Unauthenticated Java Servlet Access
- Common Gateway Interface (CGI) Command Injection
- Unauthenticated Arbitrary File Upload
- XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
- Cisco Discovery Protocol Remote Code Execution
- Ad Hoc Recording Denial of Service
- Java Remote Method Invocation (RMI) Denial of Service
- Unauthenticated XML-RPC Interface
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Unauthenticated Java Servlet Access vulnerability affects the Cisco
TelePresence Multipoint Switch and Recording Server. The defect that is r
Cisco
Multiple Vulnerabilities in Cisco TelePresence Recording Server
vendor_cisco
CVE-2011-0392 Multiple Vulnerabilities in Cisco TelePresence Recording Server
Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. This security advisory outlines
CWE: CWE-264, CWE-287, CWE-399
Bug IDs: CSCtf42008, CSCtf42005, CSCth61065, CSCth85786, CSCtd75754
GHSA
GHSA-8fr7-2mr9-63wj: Cisco TelePresence Recording Server devices with software 1
ghsa_unreviewed·2022-05-17
CVE-2011-0392 [HIGH] CWE-287 GHSA-8fr7-2mr9-63wj: Cisco TelePresence Recording Server devices with software 1
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
No detection rules found.
No public exploits indexed.
arXiv
Graphene: Infrastructure Security Posture Analysis with AI-generated Attack Graphs
arxiv_fulltext·2024-05-01
Graphene: A Holistic Security Posture Analyzer for Edge Computing
Xin Jin, Charalampos Katsis, Fan Sang, Jiahao Sun, Ashish Kundu, Ramana Kompella
Cisco Research, San Jose, California, USA
## Abstract
Graphene is a system that aims to analyze the security posture of an edge infrastructure thoroughly. The user provides necessary information for the given infrastructure, such as device information and connections, and Graphene performs a security analysis that involves finding associated vulnerabilities and using vulnerability knowledge to construct attack paths that an adversary may leverage. In addition, Graphene investigates how likely those paths are to be exploited and quantifies the overall security posture of the system using a scor
Bugzilla
Regression in libtiff due to CVE-2011-0192 fix
bugzilla·2011-03-18·CVSS 9.3
CVE-2011-0192 [CRITICAL] Regression in libtiff due to CVE-2011-0192 fix
This bug is not for a security flaw. It is a tracking bug
for regression introduced due to CVE-2011-0192 fix in libtiff
Discussion:
*** Bug 682883 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0392 https://rhn.redhat.com/errata/RHSA-2011-0392.html
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml
http://www.securityfocus.com/bid/46522
http://www.securitytracker.com/id?1025114
https://exchange.xforce.ibmcloud.com/vulnerabilities/65609
Published: 2011-02-25