CVE-2011-0385

critical

Description

The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65604

http://www.securitytracker.com/id?1025114

http://www.securitytracker.com/id?1025113

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml

Details

Source: Mitre, NVD

Published: 2011-02-25

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical