Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco TelePresence Recording Server |
Information | |||
---|---|---|---|
Name | cisco-sa-20110223-telepresence-ctrs | First vendor Publication | 2010-11-23 |
Vendor | Cisco | Last vendor Modification | 2011-02-23 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. This security advisory outlines details of the following vulnerabilities:

* Unauthenticated Java Servlet Access
* Common Gateway Interface (CGI) Command Injection
* Unauthenticated Arbitrary File Upload
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
* Java Remote Method Invocation (RMI) Denial of Service
* Unauthenticated XML-RPC Interface

Duplicate Issue Identification in Other Cisco TelePresence Advisories

The Unauthenticated Java Servlet Access vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect that is related to each component is covered in each associated advisory. The Cisco Bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtf42008

The Unauthenticated Arbitrary File Upload vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect that is related to each component is covered in each associated advisory. The Cisco Bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCth61065

The Cisco Discovery Protocol Remote Code Execution vulnerability affects Cisco TelePresence endpoints, Manager, Multipoint Switch, and Recording Server. The defect that is related to each component is covered in each associated advisory. The Cisco Bug IDs for these defects are as follows:

* Cisco TelePresence endpoint devices - CSCtd75754

The Java RMI Denial of Service vulnerability affects the Cisco TelePresence Multipoint Switch and Recording Server. The defect that is related to each component is covered in each associated advisory. The Cisco Bug IDs for these defects are as follows:

* Cisco TelePresence Multipoint Switch - CSCtg35825
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
29 % | CWE-287 | Improper Authentication |
14 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
14 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72607 | Cisco TelePresence Recording Server XML-RPC Interface Unspecified Unauthentic... |
72606 | Cisco TelePresence Recording Server ad hoc Recording Malformed Request Remote... |
72603 | Cisco TelePresence Java Servlet RMI Interface Multiple Crafted Requests Remot... |
72601 | Cisco TelePresence XML-RPC Implementation Malformed Request File Overwrite Ar... |
72600 | Cisco TelePresence Administrative Web Interface Crafted Request Arbitrary Fil... |
72598 | Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Com... |
72597 | Cisco TelePresence CGI Subsystem Unspecified Remote Command Injection |
72594 | Cisco Multiple Products Crafted Cisco Discovery Protocol (CDP) Packet Handlin... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-07-27 | Name : The videoconferencing switch running on the remote host is affected by multip... File : cisco_tms_web_1_7_0.nasl - Type : ACT_GATHER_INFO |