PT-2011-2314 · Cisco · Cisco Telepresence Recording Server

Published

2011-02-25

Updated

2017-08-17

CVE-2011-0392

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Recording Server devices with software 1.6.x

Description The issue concerns a lack of authentication for an XML-RPC interface, allowing remote attackers to perform unspecified actions via a session on TCP port 8080.

Recommendations For Cisco TelePresence Recording Server devices with software 1.6.x, consider restricting access to the XML-RPC interface on TCP port 8080 until a fix is available. As a temporary workaround, limit access to trusted sources to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2011-0392

Affected Products

Cisco Telepresence Recording Server

PT-2011-2314 · Cisco · Cisco Telepresence Recording Server

CVE-2011-0392

Weakness Enumeration

Related Identifiers

Affected Products

References · 5