CVE-2011-0390
https://notcve.org/view.php?id=CVE-2011-0390
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. La implementación XML-RPC en dispositivos Cisco TelePresence Multipoint Switch (CTMS) con el software v1.0.x, v1.1.x, v1.5.x, v1.6.x, y v1.7.0 permite a atacantes remotos causar una denegación de servicio (caída del proceso) a través de una solicitud manipulada, también conocido como error ID CSCtj44534. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46520 http://www.securitytracker.com/id?1025113 https://exchange.xforce.ibmcloud.com/vulnerabilities/65623 • CWE-399: Resource Management Errors •
CVE-2011-0384
https://notcve.org/view.php?id=CVE-2011-0384
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. El Java Servlet framework en dispositivos Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x no requiere autenticación administrativa para acciones no especificadas, permitiendo a atacantes remotos ejecutar código arbitrario mediante una petición manipulada, también conocido como error ID CSCtf01253. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46520 http://www.securitytracker.com/id?1025113 https://exchange.xforce.ibmcloud.com/vulnerabilities/65620 • CWE-287: Improper Authentication •
CVE-2011-0388
https://notcve.org/view.php?id=CVE-2011-0388
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegación de servicio (agotamiento de memoria y corte Web) a través de múltiples peticiones manipuladas, también conocido como error ID CSCtg35830 y CSCtg35825. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46523 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 • CWE-399: Resource Management Errors •
CVE-2011-0385
https://notcve.org/view.php?id=CVE-2011-0385
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. La interfaz web de administración de dispositivos Cisco TelePresence Recording Server con el software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x permite a atacantes remotos crear o sobreescribir archivos arbitrarios, y posiblemente ejecutar código arbitrario, a través de una solicitud manipulada, también conocido como error ID CSCth85786 y CSCth61065. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65604 •
CVE-2011-0387
https://notcve.org/view.php?id=CVE-2011-0387
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164. La interfaz web de administración de dispositivos Cisco TelePresence Multipoint Switch (CTMS) con el software v1.0.x, v1.1.x, v1.5.x, y v1.6.x, permite a usuarios remotos autenticados causar una denegación de servicio o tener un impacto no especificado a través de vectores que implican el acceso a un servlet, también conocido como error ID CSCtf97164. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46520 http://www.securitytracker.com/id?1025113 https://exchange.xforce.ibmcloud.com/vulnerabilities/65621 • CWE-264: Permissions, Privileges, and Access Controls •