CVE-2011-0385

Published Feb 25, 2011

Last updated a month ago

CVSS info 10.0

Overview

Description: The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F357829D-FEBE-498A-AD14-680411A7C522"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E2377D-690A-474E-843A-697DA2BDE7B7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61F55EB7-FF5A-418C-B7B2-F44C5920E266"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73576525-5C00-4D19-8670-F4D8B841A57B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B862A01F-71E8-412F-AF83-3A64FB7352EC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "909CA78F-933F-4C79-8F91-D6B17FCD7093"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C885CA7-3DCC-4C05-8945-FBF2CD08EACA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D000335-5F60-49A8-B642-A5BEDC6A6820"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1B8EF29-8A24-47C7-8108-07B27AF0FDC3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D99CDCC2-5373-447E-9AB2-DEDB5C6327D9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "606E06B8-B00B-4EE1-A763-A62C9105C5E2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CECA0482-FD41-46E7-A8F9-54BC665A83FB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E431D427-EA04-4296-BB23-D638ADA1FF8A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B70A01B1-CE17-47BF-9035-7168DF790125"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0A9D905-3740-4B9D-A26C-DFA6CBD2D154"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69F84CF3-ED9D-4962-8930-ACB5319AFF6C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "260AD1B1-D5F3-433D-8B82-DF17197031C4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DC3BECB-61EE-4668-B139-D46BCF5E0F69"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References