CVE-2011-0384
Cisco TelePresence Multipoint Switch Software 1.0.x-1.6.x - Unauthenticated Remote Code Execution
Title source: llmDescription
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65620
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025113
Scores
EPSS
0.0594
EPSS Percentile
92.4%
Details
CWE
CWE-287
Status
published
Products (17)
cisco/telepresence_multipoint_switch
cisco/telepresence_multipoint_switch_software
1.0.4.0
cisco/telepresence_multipoint_switch_software
1.1.0
cisco/telepresence_multipoint_switch_software
1.1.1
cisco/telepresence_multipoint_switch_software
1.1.2
cisco/telepresence_multipoint_switch_software
1.5.0
cisco/telepresence_multipoint_switch_software
1.5.1
cisco/telepresence_multipoint_switch_software
1.5.2
cisco/telepresence_multipoint_switch_software
1.5.3
cisco/telepresence_multipoint_switch_software
1.5.4
... and 7 more
Published
Feb 25, 2011
Tracked Since
Feb 18, 2026