CVE-2011-0383

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Recording Server versions 1.6.x before 1.6.2 Cisco TelePresence Multipoint Switch (CTMS) versions 1.0.x, 1.1.x, 1.5.x, and 1.6.x

Description The Java Servlet framework does not require administrative authentication for certain actions, allowing remote attackers to execute arbitrary code via a crafted request.

Recommendations For Cisco TelePresence Recording Server versions 1.6.x before 1.6.2, update to version 1.6.2 or later. For Cisco TelePresence Multipoint Switch (CTMS) versions 1.0.x, 1.1.x, 1.5.x, and 1.6.x, consider restricting access to the Java Servlet framework until a patch is available.