Information disclosure in Cisco Telepresence_system_1000

CVE-2011-0376

The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

Vulnerability class: Information Disclosure

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_system_1000
Cisco Telepresence_system_1100
Cisco Telepresence_system_1300_series
Cisco Telepresence_system_3000
Cisco Telepresence_system_3200_series
Cisco Telepresence_system_500_series
Cisco Telepresence_system_software — versions 1.2.3, 1.3.2, 1.4.7
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1025112 (vdb-entry, x_refsource_SECTRACK)
20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)