Executive Summary

Summary
Title : Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Information
Name : cisco-sa-20110223-telepresence-ctms
First vendor publication : 2010-11-23
Vendor : Cisco
Last vendor modification : 2011-02-23
Severity (Vendor) : N/A
Revision : 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability SubScore : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. This security advisory outlines details of the following vulnerabilities:

* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service

Duplicate Issue Identification in Other Cisco TelePresence Advisories

The Unauthenticated Java Servlet Access vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtf42008
* Cisco TelePresence Recording Server - CSCtf42005

The Unauthenticated Arbitrary File Upload vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCth61065
* Cisco TelePresence Recording Server - CSCth85786

The Cisco Discovery Protocol Remote Code Execution vulnerability affects Cisco TelePresence endpoint devices, Manager, Multipoint Switch, and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence endpoint devices - CSCtd75754
* Cisco TelePresence Manager - CSCtd75761
* Cisco TelePresence Multipoint Switch - CSCtd75766
* Cisco TelePresence Recording Server - CSCtd75769

The Java RMI Denial of Service vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtg35830
* Cisco TelePresence Recording Server - CSCtg35825

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6 (...)

CWE : Common Weakness Enumeration

% Id Name
43 % CWE-399 Resource Management Errors
29 % CWE-287 Improper Authentication
14 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 17
Application 3
Application 17
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
72605 Cisco TelePresence Multipoint Switch (CTMS) XML-RPC Implementation Unspecifie...

72604 Cisco TelePresence Multipoint Switch (CTMS) Crafted Real-Time Transport Contr...

72603 Cisco TelePresence Java Servlet RMI Interface Multiple Crafted Requests Remot...

72602 Cisco TelePresence Administrative Web Interface Unspecified Servlet Access Re...

72600 Cisco TelePresence Administrative Web Interface Crafted Request Arbitrary Fil...

72599 Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Com...

72598 Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Com...

72594 Cisco Multiple Products Crafted Cisco Discovery Protocol (CDP) Packet Handlin...

Nessus® Vulnerability Scanner

Date Description
2012-07-27 Name : The videoconferencing switch running on the remote host is affected by multip...
File : cisco_tms_web_1_7_0.nasl - Type : ACT_GATHER_INFO
2012-07-27 Name : The videoconferencing switch running on the remote host has a denial of servi...
File : cisco_tms_web_1_7_2.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 10:22:00 Multiple Updates