CVE-2011-0384

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Multipoint Switch (CTMS) versions 1.0.x through 1.6.x

Description The Java Servlet framework does not require administrative authentication for certain actions, allowing remote attackers to execute arbitrary code via a crafted request.

Recommendations For versions 1.0.x through 1.6.x, consider restricting access to the Java Servlet framework until a patch is available. As a temporary workaround, restrict administrative actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.