CVE-2011-0383

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
http://www.securityfocus.com/bid/46519
http://www.securitytracker.com/id?1025113
http://www.securitytracker.com/id?1025114
https://exchange.xforce.ibmcloud.com/vulnerabilities/65602
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
http://www.securityfocus.com/bid/46519
http://www.securitytracker.com/id?1025113
http://www.securitytracker.com/id?1025114
https://exchange.xforce.ibmcloud.com/vulnerabilities/65602

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*

cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:::::::*
	cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:::::::*

cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:23

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml - Vendor Advisory
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml -~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml -
References	~~() http://www.securityfocus.com/bid/46519 -~~	() http://www.securityfocus.com/bid/46519 -
References	~~() http://www.securitytracker.com/id?1025113 -~~	() http://www.securitytracker.com/id?1025113 -
References	~~() http://www.securitytracker.com/id?1025114 -~~	() http://www.securitytracker.com/id?1025114 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 -

Information

Published : 2011-02-25 12:00

Updated : 2025-04-11 00:51

NVD link : CVE-2011-0383

Mitre link : CVE-2011-0383

CVE.ORG link : CVE-2011-0383

JSON object : View

Products Affected

cisco

telepresence_multipoint_switch_software
telepresence_recording_server
telepresence_multipoint_switch
telepresence_recording_server_software

CWE

CWE-287

Improper Authentication

{"id": "CVE-2011-0383", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-25T12:00:18.603", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml", "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/46519", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id?1025113", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id?1025114", "source": "psirt@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65602", "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46519", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1025113", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1025114", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65602", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008."}, {"lang": "es", "value": "Java Servlet framework en dispositivos Cisco TelePresence Recording Server devices con software v1.6.x anterior a v1.6.2 y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x no requiere autenticaci\u00f3n administrativa para acciones no especificadas, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n manipulada, tambi\u00e9n conocido como error ID CSCtf42005 and CSCtf42008."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F357829D-FEBE-498A-AD14-680411A7C522"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73576525-5C00-4D19-8670-F4D8B841A57B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B862A01F-71E8-412F-AF83-3A64FB7352EC"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "909CA78F-933F-4C79-8F91-D6B17FCD7093"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C885CA7-3DCC-4C05-8945-FBF2CD08EACA"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D000335-5F60-49A8-B642-A5BEDC6A6820"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1B8EF29-8A24-47C7-8108-07B27AF0FDC3"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99CDCC2-5373-447E-9AB2-DEDB5C6327D9"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "606E06B8-B00B-4EE1-A763-A62C9105C5E2"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CECA0482-FD41-46E7-A8F9-54BC665A83FB"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E431D427-EA04-4296-BB23-D638ADA1FF8A"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B70A01B1-CE17-47BF-9035-7168DF790125"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A9D905-3740-4B9D-A26C-DFA6CBD2D154"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69F84CF3-ED9D-4962-8930-ACB5319AFF6C"}, {"criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260AD1B1-D5F3-433D-8B82-DF17197031C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC3BECB-61EE-4668-B139-D46BCF5E0F69"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}

10.0 /10