CVE-2011-0392

Cisco Telepresence Recording Server Software - Authentication Bypass

Title source: rule

Description

Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.

References (4)

[Vendor Advisory] http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65609

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46522

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1025114

Scores

EPSS 0.0078

EPSS Percentile 73.4%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

cisco/telepresence_recording_server_software

cisco/telepresence_recording_server

Timeline

Published Feb 25, 2011

Tracked Since Feb 18, 2026