Unauthenticated Remote Code Execution in Cisco TelePresence Recording Server and CTMS Devices

Unauthenticated Remote Code Execution in Cisco TelePresence Recording Server and CTMS Devices

CVE-2011-0383 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

Learn more about our Cis Benchmark Audit For Cisco.