Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch |
Information | |||
---|---|---|---|
Name | cisco-sa-20110223-telepresence-ctms | First vendor Publication | 2010-11-23 |
Vendor | Cisco | Last vendor Modification | 2011-02-23 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. This security advisory outlines details of the following vulnerabilities:

* Unauthenticated Java Servlet Access

Duplicate Issue Identification in Other Cisco TelePresence Advisories

The Unauthenticated Java Servlet Access vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtf42008

The Unauthenticated Arbitrary File Upload vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCth61065

The Cisco Discovery Protocol Remote Code Execution vulnerability affects Cisco TelePresence endpoint devices, Manager, Multipoint Switch, and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence endpoint devices - CSCtd75754

The Java RMI Denial of Service vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect as related to each component is covered in each associated advisory. The Cisco bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtg35830
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
43 % | CWE-399 | Resource Management Errors |
29 % | CWE-287 | Improper Authentication |
14 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72605 | Cisco TelePresence Multipoint Switch (CTMS) XML-RPC Implementation Unspecifie... |
72604 | Cisco TelePresence Multipoint Switch (CTMS) Crafted Real-Time Transport Contr... |
72603 | Cisco TelePresence Java Servlet RMI Interface Multiple Crafted Requests Remot... |
72602 | Cisco TelePresence Administrative Web Interface Unspecified Servlet Access Re... |
72600 | Cisco TelePresence Administrative Web Interface Crafted Request Arbitrary Fil... |
72599 | Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Com... |
72598 | Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Com... |
72594 | Cisco Multiple Products Crafted Cisco Discovery Protocol (CDP) Packet Handlin... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-07-27 | Name : The videoconferencing switch running on the remote host is affected by multip... File : cisco_tms_web_1_7_0.nasl - Type : ACT_GATHER_INFO |
2012-07-27 | Name : The videoconferencing switch running on the remote host has a denial of servi... File : cisco_tms_web_1_7_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 10:22:00 |