CVSS: 10.0EPSS: 10%CPEs: 19EXPL: 0CVE-2011-0383
https://notcve.org/view.php?id=CVE-2011-0383
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. Java Servlet framework en dispositivos Cisco TelePresence Recording Server devices con software v1.6.x anterior a v1.6.2 y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x no requiere autenticación administrativa para acciones no especificadas, permitiendo a atacantes remotos ejecutar código arbitrario mediante una petición manipulada, también conocido como error ID CSCtf42005 and CSCtf42008. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46519 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2011-0388
https://notcve.org/view.php?id=CVE-2011-0388
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegación de servicio (agotamiento de memoria y corte Web) a través de múltiples peticiones manipuladas, también conocido como error ID CSCtg35830 y CSCtg35825. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46523 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2011-0385
https://notcve.org/view.php?id=CVE-2011-0385
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. La interfaz web de administración de dispositivos Cisco TelePresence Recording Server con el software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x permite a atacantes remotos crear o sobreescribir archivos arbitrarios, y posiblemente ejecutar código arbitrario, a través de una solicitud manipulada, también conocido como error ID CSCth85786 y CSCth61065. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65604 •