CVE-2011-0388 (GCVE-0-2011-0388)

Vulnerability from cvelistv5 – Published: 2011-02-25 11:00 – Updated: 2024-08-06 21:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id?1025114	vdb-entryx_refsource_SECTRACK
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/46523	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1025113	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
          },
          {
            "name": "1025114",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025114"
          },
          {
            "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
          },
          {
            "name": "46523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46523"
          },
          {
            "name": "1025113",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025113"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-03-11T10:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
        },
        {
          "name": "1025114",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025114"
        },
        {
          "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
        },
        {
          "name": "46523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46523"
        },
        {
          "name": "1025113",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025113"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
            },
            {
              "name": "1025114",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025114"
            },
            {
              "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
            },
            {
              "name": "46523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46523"
            },
            {
              "name": "1025113",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025113"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0388",
    "datePublished": "2011-02-25T11:00:00",
    "dateReserved": "2011-01-07T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F357829D-FEBE-498A-AD14-680411A7C522\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E2377D-690A-474E-843A-697DA2BDE7B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61F55EB7-FF5A-418C-B7B2-F44C5920E266\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73576525-5C00-4D19-8670-F4D8B841A57B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B862A01F-71E8-412F-AF83-3A64FB7352EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"909CA78F-933F-4C79-8F91-D6B17FCD7093\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C885CA7-3DCC-4C05-8945-FBF2CD08EACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D000335-5F60-49A8-B642-A5BEDC6A6820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1B8EF29-8A24-47C7-8108-07B27AF0FDC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99CDCC2-5373-447E-9AB2-DEDB5C6327D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"606E06B8-B00B-4EE1-A763-A62C9105C5E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CECA0482-FD41-46E7-A8F9-54BC665A83FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E431D427-EA04-4296-BB23-D638ADA1FF8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B70A01B1-CE17-47BF-9035-7168DF790125\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0A9D905-3740-4B9D-A26C-DFA6CBD2D154\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69F84CF3-ED9D-4962-8930-ACB5319AFF6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260AD1B1-D5F3-433D-8B82-DF17197031C4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DC3BECB-61EE-4668-B139-D46BCF5E0F69\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.\"}, {\"lang\": \"es\", \"value\": \"Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegaci\\u00f3n de servicio (agotamiento de memoria y corte Web) a trav\\u00e9s de m\\u00faltiples peticiones manipuladas, tambi\\u00e9n conocido como error ID CSCtg35830 y CSCtg35825.\"}]",
      "id": "CVE-2011-0388",
      "lastModified": "2024-11-21T01:23:51.907",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-02-25T12:00:18.900",
      "references": "[{\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/46523\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025113\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025114\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/46523\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0388\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2011-02-25T12:00:18.900\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.\"},{\"lang\":\"es\",\"value\":\"Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de memoria y corte Web) a trav\u00e9s de m\u00faltiples peticiones manipuladas, tambi\u00e9n conocido como error ID CSCtg35830 y CSCtg35825.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F357829D-FEBE-498A-AD14-680411A7C522\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E2377D-690A-474E-843A-697DA2BDE7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F55EB7-FF5A-418C-B7B2-F44C5920E266\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73576525-5C00-4D19-8670-F4D8B841A57B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B862A01F-71E8-412F-AF83-3A64FB7352EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"909CA78F-933F-4C79-8F91-D6B17FCD7093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C885CA7-3DCC-4C05-8945-FBF2CD08EACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D000335-5F60-49A8-B642-A5BEDC6A6820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1B8EF29-8A24-47C7-8108-07B27AF0FDC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99CDCC2-5373-447E-9AB2-DEDB5C6327D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"606E06B8-B00B-4EE1-A763-A62C9105C5E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CECA0482-FD41-46E7-A8F9-54BC665A83FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E431D427-EA04-4296-BB23-D638ADA1FF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70A01B1-CE17-47BF-9035-7168DF790125\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0A9D905-3740-4B9D-A26C-DFA6CBD2D154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F84CF3-ED9D-4962-8930-ACB5319AFF6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260AD1B1-D5F3-433D-8B82-DF17197031C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC3BECB-61EE-4668-B139-D46BCF5E0F69\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/46523\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id?1025113\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id?1025114\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/46523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-105

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités touchent la ligne de produits Cisco TelePresence, elles permettent notamment d'exécuter du code arbitraire ou de provoquer un déni de service à distance.

Description

Cisco a publié plusieurs bulletins de sécurité décrivant les vulnérabilités et correctifs associés concernant sa ligne de produits Cisco TelePresence. Ces vulnérabilités permettent entre autres d'exécuter du code arbitraire ou de provoquer un déni de service à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco TelePresence Endpoint Devices versions antérieures à 1.7.0 ;
Cisco	N/A	Cisco TelePresence Recording Server versions antérieures à 1.7.0.
Cisco	N/A	Cisco TelePresence Manager versions antérieures à 1.7.0 ;
Cisco	N/A	Cisco TelePresence Multipoint Switch versions antérieures à 1.7.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 112231 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112233 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112232 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112230 du 23 février 2011	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco TelePresence Endpoint Devices versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Recording Server versions ant\u00e9rieures \u00e0 1.7.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Manager versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Multipoint Switch versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCisco a publi\u00e9 plusieurs bulletins de s\u00e9curit\u00e9 d\u00e9crivant les\nvuln\u00e9rabilit\u00e9s et correctifs associ\u00e9s concernant sa ligne de produits\nCisco TelePresence. Ces vuln\u00e9rabilit\u00e9s permettent entre autres\nd\u0027ex\u00e9cuter du code arbitraire ou de provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0381"
    },
    {
      "name": "CVE-2011-0372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0372"
    },
    {
      "name": "CVE-2011-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0392"
    },
    {
      "name": "CVE-2011-0387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0387"
    },
    {
      "name": "CVE-2011-0378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0378"
    },
    {
      "name": "CVE-2011-0374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0374"
    },
    {
      "name": "CVE-2011-0377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0377"
    },
    {
      "name": "CVE-2011-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0391"
    },
    {
      "name": "CVE-2011-0375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0375"
    },
    {
      "name": "CVE-2011-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0386"
    },
    {
      "name": "CVE-2011-0382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0382"
    },
    {
      "name": "CVE-2011-0373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0373"
    },
    {
      "name": "CVE-2011-0385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0385"
    },
    {
      "name": "CVE-2011-0388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0388"
    },
    {
      "name": "CVE-2011-0380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0380"
    },
    {
      "name": "CVE-2011-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0389"
    },
    {
      "name": "CVE-2011-0383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0383"
    },
    {
      "name": "CVE-2011-0379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0379"
    },
    {
      "name": "CVE-2011-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0390"
    },
    {
      "name": "CVE-2011-0384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0384"
    },
    {
      "name": "CVE-2011-0376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0376"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-105",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s touchent la ligne de produits Cisco\nTelePresence, elles permettent notamment d\u0027ex\u00e9cuter du code arbitraire\nou de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Cisco TelePresence",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112231 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctsman.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112233 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctrs.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112232 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctms.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112230 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-cts.shtml"
    }
  ]
}

CERTA-2011-AVI-105

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités touchent la ligne de produits Cisco TelePresence, elles permettent notamment d'exécuter du code arbitraire ou de provoquer un déni de service à distance.

Description

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco TelePresence Endpoint Devices versions antérieures à 1.7.0 ;
Cisco	N/A	Cisco TelePresence Recording Server versions antérieures à 1.7.0.
Cisco	N/A	Cisco TelePresence Manager versions antérieures à 1.7.0 ;
Cisco	N/A	Cisco TelePresence Multipoint Switch versions antérieures à 1.7.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 112231 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112233 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112232 du 23 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 112230 du 23 février 2011	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco TelePresence Endpoint Devices versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Recording Server versions ant\u00e9rieures \u00e0 1.7.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Manager versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Multipoint Switch versions ant\u00e9rieures \u00e0 1.7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCisco a publi\u00e9 plusieurs bulletins de s\u00e9curit\u00e9 d\u00e9crivant les\nvuln\u00e9rabilit\u00e9s et correctifs associ\u00e9s concernant sa ligne de produits\nCisco TelePresence. Ces vuln\u00e9rabilit\u00e9s permettent entre autres\nd\u0027ex\u00e9cuter du code arbitraire ou de provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0381"
    },
    {
      "name": "CVE-2011-0372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0372"
    },
    {
      "name": "CVE-2011-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0392"
    },
    {
      "name": "CVE-2011-0387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0387"
    },
    {
      "name": "CVE-2011-0378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0378"
    },
    {
      "name": "CVE-2011-0374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0374"
    },
    {
      "name": "CVE-2011-0377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0377"
    },
    {
      "name": "CVE-2011-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0391"
    },
    {
      "name": "CVE-2011-0375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0375"
    },
    {
      "name": "CVE-2011-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0386"
    },
    {
      "name": "CVE-2011-0382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0382"
    },
    {
      "name": "CVE-2011-0373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0373"
    },
    {
      "name": "CVE-2011-0385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0385"
    },
    {
      "name": "CVE-2011-0388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0388"
    },
    {
      "name": "CVE-2011-0380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0380"
    },
    {
      "name": "CVE-2011-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0389"
    },
    {
      "name": "CVE-2011-0383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0383"
    },
    {
      "name": "CVE-2011-0379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0379"
    },
    {
      "name": "CVE-2011-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0390"
    },
    {
      "name": "CVE-2011-0384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0384"
    },
    {
      "name": "CVE-2011-0376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0376"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-105",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s touchent la ligne de produits Cisco\nTelePresence, elles permettent notamment d\u0027ex\u00e9cuter du code arbitraire\nou de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Cisco TelePresence",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112231 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctsman.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112233 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctrs.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112232 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctms.shtml"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112230 du 23 f\u00e9vrier 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-cts.shtml"
    }
  ]
}

GSD-2011-0388

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0388

Aliases

CVE-2011-0388

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0388",
    "description": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.",
    "id": "GSD-2011-0388"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0388"
      ],
      "details": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.",
      "id": "GSD-2011-0388",
      "modified": "2023-12-13T01:19:04.494384Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-0388",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
          },
          {
            "name": "1025114",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025114"
          },
          {
            "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
          },
          {
            "name": "46523",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46523"
          },
          {
            "name": "1025113",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025113"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0388"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
            },
            {
              "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
            },
            {
              "name": "46523",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46523"
            },
            {
              "name": "1025113",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025113"
            },
            {
              "name": "1025114",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025114"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-04-09T03:32Z",
      "publishedDate": "2011-02-25T12:00Z"
    }
  }
}

FKIE_CVE-2011-0388

Vulnerability from fkie_nvd - Published: 2011-02-25 12:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml	Vendor Advisory
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/46523
psirt@cisco.com	http://www.securitytracker.com/id?1025113
psirt@cisco.com	http://www.securitytracker.com/id?1025114
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46523
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025113
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025114

Impacted products

Vendor	Product	Version
cisco	telepresence_recording_server_software	1.6.1
cisco	telepresence_recording_server_software	1.6.2
cisco	telepresence_recording_server_software	1.6.3
cisco	telepresence_recording_server	*
cisco	telepresence_multipoint_switch_software	1.0.4.0
cisco	telepresence_multipoint_switch_software	1.1.0
cisco	telepresence_multipoint_switch_software	1.1.1
cisco	telepresence_multipoint_switch_software	1.1.2
cisco	telepresence_multipoint_switch_software	1.5.0
cisco	telepresence_multipoint_switch_software	1.5.1
cisco	telepresence_multipoint_switch_software	1.5.2
cisco	telepresence_multipoint_switch_software	1.5.3
cisco	telepresence_multipoint_switch_software	1.5.4
cisco	telepresence_multipoint_switch_software	1.5.5
cisco	telepresence_multipoint_switch_software	1.5.6
cisco	telepresence_multipoint_switch_software	1.6.0
cisco	telepresence_multipoint_switch_software	1.6.1
cisco	telepresence_multipoint_switch_software	1.6.2
cisco	telepresence_multipoint_switch_software	1.6.3
cisco	telepresence_multipoint_switch_software	1.6.4
cisco	telepresence_multipoint_switch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F357829D-FEBE-498A-AD14-680411A7C522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E2377D-690A-474E-843A-697DA2BDE7B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F55EB7-FF5A-418C-B7B2-F44C5920E266",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73576525-5C00-4D19-8670-F4D8B841A57B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B862A01F-71E8-412F-AF83-3A64FB7352EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CA78F-933F-4C79-8F91-D6B17FCD7093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C885CA7-3DCC-4C05-8945-FBF2CD08EACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D000335-5F60-49A8-B642-A5BEDC6A6820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B8EF29-8A24-47C7-8108-07B27AF0FDC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99CDCC2-5373-447E-9AB2-DEDB5C6327D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "606E06B8-B00B-4EE1-A763-A62C9105C5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECA0482-FD41-46E7-A8F9-54BC665A83FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E431D427-EA04-4296-BB23-D638ADA1FF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70A01B1-CE17-47BF-9035-7168DF790125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A9D905-3740-4B9D-A26C-DFA6CBD2D154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F84CF3-ED9D-4962-8930-ACB5319AFF6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "260AD1B1-D5F3-433D-8B82-DF17197031C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC3BECB-61EE-4668-B139-D46BCF5E0F69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825."
    },
    {
      "lang": "es",
      "value": "Dispositivos TelePresence Recording Server con software v1.6.x y Cisco TelePresence Multipoint Switch (CTMS) con software v1.0.x, v1.1.x, v1.5.x y v1.6.x, no restrige correctamente el acceso remoto a la interfaz servlet de Java RMI, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de memoria y corte Web) a trav\u00e9s de m\u00faltiples peticiones manipuladas, tambi\u00e9n conocido como error ID CSCtg35830 y CSCtg35825."
    }
  ],
  "id": "CVE-2011-0388",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-25T12:00:18.900",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/46523"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1025113"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1025114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025114"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201102-0228

Vulnerability from variot - Updated: 2023-12-18 12:10

Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. The problem is Bug ID CSCtg35830 and CSCtg35825 It is a problem.Denial of service through multiple crafted requests by a third party ( Memory consumption and Web Stop ) It may be in a state. Cisco TelePresence is a telepresence conferencing solution developed by Cisco. An attacker can exploit this issue to cause an out-of-memory condition, denying further service to legitimate users. This issue is tracked by Cisco bug IDs CSCtg35825 and CSCtg35830. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server

Advisory ID: cisco-sa-20110223-telepresence-ctrs

Revision 1.0

For Public Release 2011 February 23 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary

Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. The defect that is related to each component is covered in each associated advisory. The defect that is related to each component is covered in each associated advisory. The defect that is related to each component is covered in each associated advisory. The defect that is related to each component is covered in each associated advisory. All releases of Cisco TelePresence software prior to 1.7.1 are affected by one or more of the vulnerabilities listed in this advisory. The output should resemble the following example:

admin: show version active
Active Master Version: 1.7.0.0-151

Active Version Installed Software Options:
No Installed Software Options Found.

admin: show version inactive
Inactive Master Version: 1.6.2.0-237

Inactive Version Installed Software Options:

No Installed Software Options Found.

In the preceding example, the system has versions 1.6.2 and 1.7.0 loaded on the device and version 1.7.0 is currently active. A device is affected only by vulnerabilities that are present in the active software version.

Products Confirmed Not Vulnerable +--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

Details

The Cisco TelePresence solution allows for immersive, in-person communication and collaboration over the network with colleagues, prospects, and partners even when they are located in opposite hemispheres.

This security advisory describes multiple distinct vulnerabilities in the Cisco TelePresence Recording Server. These vulnerabilities are independent of each other. To successfully exploit this vulnerability, the attacker would need the ability to submit a crafted request to an affected device on TCP port 80, TCP port 443, or TCP port 8080.

An attacker must perform a three-way TCP handshake and establish a valid session to exploit these vulnerabilities.

Cisco TelePresence Recording Server - CSCtf42005 ( registered customers only) has been assigned the CVE identifier CVE-2011-0383.

CGI Command Injection +--------------------

A CGI command injection vulnerability exists within the Cisco TelePresence Recording Server that could allow a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges. To successfully exploit this vulnerability the attacker would need the ability to submit a malformed request to an affected device via TCP port 443.

An attacker must perform a three-way TCP handshake and establish a valid session to exploit these vulnerabilities.

Cisco TelePresence Recording Server - CSCtf97221 ( registered customers only) has been assigned the CVE identifier CVE-2011-0382. An unauthenticated, remote attacker could place content to arbitrary locations on the device by submitting crafted requests to the affected device. To successfully exploit this vulnerability the attacker would need the ability to submit a crafted request to an affected device on TCP port 80 or 443.