The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 01:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml - Vendor Advisory | |
References | () http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml - | |
References | () http://www.securityfocus.com/bid/46519 - | |
References | () http://www.securitytracker.com/id?1025113 - | |
References | () http://www.securitytracker.com/id?1025114 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 - |
Information
Published : 2011-02-25 12:00
Updated : 2024-11-21 01:23
NVD link : CVE-2011-0383
Mitre link : CVE-2011-0383
CVE.ORG link : CVE-2011-0383
JSON object : View
Products Affected
cisco
- telepresence_multipoint_switch_software
- telepresence_recording_server_software
- telepresence_multipoint_switch
- telepresence_recording_server
CWE
CWE-287
Improper Authentication