CVE-2012-3073
https://notcve.org/view.php?id=CVE-2012-3073
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. La implementación IP en Cisco TelePresence Multipoint Switch anterior a v1.8.1, Cisco TelePresence Manager anterior a v1.9.0, y Cisco TelePresence Recording Server v1.8 y anteriores permite a atacantes remotos causar una denegación de servicio mediante (1) un paquete IP mal formado, (2) una elevada cantidad de conexiones TCP, o (3) una elevada cantidad de conexiones de finalización TCP, cambien conocido como bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, y CSCty11338. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman •
CVE-2012-2486
https://notcve.org/view.php?id=CVE-2012-2486
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. La implementación del protocolo Cisco Discovery Protocol (CDP) en Cisco TelePresence Multipoint Switch anterior a v1.9.0, Cisco TelePresence Immersive Endpoint Devices anterior a v1.9.1, Cisco TelePresence Manager anterior a v1.9.0, y Cisco TelePresence Recording Server anterior a v1.8.1 permite a atacantes remotos ejecutar código arbitrario mediante el envío de paquetes CDP mal formados, también conocido como Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, y CSCtz40953. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-0379
https://notcve.org/view.php?id=CVE-2011-0379
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. Desbordamiento de búfer en dispositivos Cisco Adaptive Security Appliances (ASA) 5500 con el software v1.6.x; Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x; Cisco TelePresence endpoint con software v1.2.x hasta v1.6.x; y Cisco TelePresence Manager v1.2.x, v1.3.x, v1.4.x, v1.5.x, y v1.6.2 permite a atacantes remotos ejecutar código arbitrario mediante un paquete Cisco Discovery Protocol, también conocido como error IDs CSCtd75769, CSCtd75766, CSCtd75754, y CSCtd75761. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14f.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml http://www.securitytracker.com/id?1025111 http://www.securitytracker.com/id?1025112 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0383
https://notcve.org/view.php?id=CVE-2011-0383
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. Java Servlet framework en dispositivos Cisco TelePresence Recording Server devices con software v1.6.x anterior a v1.6.2 y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x, y v1.6.x no requiere autenticación administrativa para acciones no especificadas, permitiendo a atacantes remotos ejecutar código arbitrario mediante una petición manipulada, también conocido como error ID CSCtf42005 and CSCtf42008. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46519 http://www.securitytracker.com/id?1025113 http://www.securitytracker.com/id?1025114 https://exchange.xforce.ibmcloud.com/vulnerabilities/65602 • CWE-287: Improper Authentication •
CVE-2011-0389
https://notcve.org/view.php?id=CVE-2011-0389
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993. Dispositivos Cisco TelePresence Multipoint Switch (CTMS) con el software v1.0.x, v1.1.x, v1.5.x y v1.6.x permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de un paquete Real-Time Transport Control Protocol (RTCP) UDP manipulado, también conocido como error ID CSCth60993. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml http://www.securityfocus.com/bid/46520 http://www.securitytracker.com/id?1025113 https://exchange.xforce.ibmcloud.com/vulnerabilities/65622 • CWE-399: Resource Management Errors •