Cisco TelePresence Multipoint Switch < 1.7.0 Multiple Vulnerabilities (cisco-sa-20110223-telepresence-ctms)

critical Nessus Plugin ID 60139


The videoconferencing switch running on the remote host is affected by multiple vulnerabilities.


According to its self-reported version number, the version of Cisco TelePresence Multipoint Switch running on the remote host is earlier than 1.7.0 and, therefore, has the following vulnerabilities:

- Servlets used to perform administrative actions are accessible without authentication. (CVE-2011-0383, CVE-2011-0384, CVE-2011-0387)

- Unauthenticated attackers can upload files to arbitrary locations. (CVE-2011-0385)

- An unauthenticated attacker on the same network segment could send a malicious Cisco Discovery Protocol packet, resulting in a buffer overflow. (CVE-2011-0379)

- Java RMI access is not properly restricted, which could allow an unauthenticated, remote attacker to cause a denial of service. (CVE-2011-0388)

- Receiving a malicious RTCP packet could cause the call control process to crash. (CVE-2011-0389) A remote, unauthenticated attacker could potentially exploit the most severe of these vulnerabilities to take complete control of the host.


Upgrade to Cisco TelePresence Multipoint Switch 1.7.0 or later.

See Also

Plugin Details

Severity: Critical

ID: 60139

File Name: cisco_tms_web_1_7_0.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 7/27/2012

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_multipoint_switch_software

Required KB Items: www/cisco_tms

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/23/2011

Vulnerability Publication Date: 2/23/2011

Reference Information

CVE: CVE-2011-0379, CVE-2011-0383, CVE-2011-0384, CVE-2011-0385, CVE-2011-0387, CVE-2011-0388, CVE-2011-0389

BID: 46514, 46516, 46519, 46520, 46523