Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0386

The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.

Published

2011-02-25T12:00:18.790

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-94
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco telepresence_recording_server_software 1.6.1 Yes
Application cisco telepresence_recording_server_software 1.6.2 Yes
Application cisco telepresence_recording_server_software 1.6.3 Yes
Application cisco telepresence_recording_server_software 1.7.0 Yes
Application cisco telepresence_recording_server_software 1.7.1 Yes
Hardware cisco telepresence_recording_server * Yes
References