CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-0382
https://notcve.org/view.php?id=CVE-2011-0382
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. El subsistema CGI en dispositivos Cisco TelePresence Recording Server con software v1.6.x anterior a v1.6.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante una petición al puerto TCP 443, relacionado con una "vulnerabilidad de inyección de comandos," también conocido como error ID CSCtf97221. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.securityfocus.com/bid/46522 http://www.securitytracker.com/id?1025114 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 2%CPEs: 6EXPL: 0CVE-2011-0386
https://notcve.org/view.php?id=CVE-2011-0386
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. La implementación XML-RPC en dispositivos Cisco TelePresence Recording Server con software v1.6.x y v1.7.x anterior a v1.7.1 permite a atacantes remotos sobreescribir archivos y ejecutar código arbitrario a través de una solicitud manipulada, también conocido como error ID CSCti50739. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.securityfocus.com/bid/46522 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65605 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0391
https://notcve.org/view.php?id=CVE-2011-0391
Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205. Dispositivos Cisco TelePresence Recording Server con software v1.6.x permite a atacantes remotos provocar una denegación de servicio (agotamiento del hilo y corte del dispositivo) a través de una solicitud con formato incorrecto, relacionado con problema de "ad hoc recording", también conocido como error ID CSCtf97205. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.securityfocus.com/bid/46522 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65607 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 19EXPL: 0CVE-2011-0383
https://notcve.org/view.php?id=CVE-2011-0383
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. Java Servlet framework en dispositivos Cisco TelePresence Recording Server devices con software v1.6.x anterior a v1.6.2 y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x no requiere autenticación administrativa para acciones no especificadas, permitiendo a atacantes remotos ejecutar código arbitrario mediante una petición manipulada, también conocido como error ID CSCtf42005 and CSCtf42008. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46519 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2011-0388
https://notcve.org/view.php?id=CVE-2011-0388
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegación de servicio (agotamiento de memoria y corte Web) a través de múltiples peticiones manipuladas, también conocido como error ID CSCtg35830 y CSCtg35825. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46523 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 • CWE-399: Resource Management Errors •