Cisco TelePresence Multipoint Switch < 1.7.0 Multiple Vulnerabilities (cisco-sa-20110223-telepresence-ctms)

Critical Nessus Plugin ID 60139

Synopsis

The videoconferencing switch running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Cisco TelePresence Multipoint Switch running on the remote host is earlier than 1.7.0 and, therefore, has the following vulnerabilities:

- Servlets used to perform administrative actions are accessible without authentication. (CVE-2011-0383, CVE-2011-0384, CVE-2011-0387)

- Unauthenticated attackers can upload files to arbitrary locations. (CVE-2011-0385)

- An unauthenticated attacker on the same network segment could send a malicious Cisco Discovery Protocol packet, resulting in a buffer overflow. (CVE-2011-0379)

- Java RMI access is not properly restricted, which could allow an unauthenticated, remote attacker to cause a denial of service. (CVE-2011-0388)

- Receiving a malicious RTCP packet could cause the call control process to crash. (CVE-2011-0389) A remote, unauthenticated attacker could potentially exploit the most severe of these vulnerabilities to take complete control of the host.

Solution

Upgrade to Cisco TelePresence Multipoint Switch 1.7.0 or later.

See Also

http://www.nessus.org/u?b9fd7a15

Plugin Details

Severity: Critical

ID: 60139

File Name: cisco_tms_web_1_7_0.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2012/07/27

Updated: 2018/11/15

Dependencies: 60138

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_multipoint_switch_software

Required KB Items: www/cisco_tms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/23

Vulnerability Publication Date: 2011/02/23

Reference Information

CVE: CVE-2011-0379, CVE-2011-0383, CVE-2011-0384, CVE-2011-0385, CVE-2011-0387, CVE-2011-0388, CVE-2011-0389

BID: 46514, 46516, 46519, 46520, 46523