CVE-2011-0384

Cisco Telepresence Multipoint Switch Software - Authentication Bypass

Title source: rule

Description

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

References (4)

Scores

EPSS 0.0571
EPSS Percentile 90.3%

Classification

CWE
CWE-287
Status draft

Affected Products (17)

cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
cisco/telepresence_multipoint_switch_software
... and 2 more

Timeline

Published Feb 25, 2011
Tracked Since Feb 18, 2026