CVE-2011-0384

Опубликовано: 25 фев. 2011

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*

cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.0571

Низкий

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-h8jc-fxc6-j8gp

github

больше 3 лет назад