RCE in Cisco Telepresence_recording_server

CVE-2011-0382

The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.052 (90.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_recording_server
Cisco Telepresence_recording_server_software — versions 1.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1025114 (vdb-entry, x_refsource_SECTRACK)
46522 (vdb-entry, x_refsource_BID)