Auth bypass in Cisco Telepresence_multipoint_switch

CVE-2011-0383

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative…

Vulnerability class: Broken Authentication

EPSS: 0.047 (89.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_multipoint_switch
Cisco Telepresence_multipoint_switch_software — versions 1.0.4.0, 1.1.0, 1.1.1
Cisco Telepresence_recording_server
Cisco Telepresence_recording_server_software — versions 1.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

46519 (vdb-entry, x_refsource_BID)
20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1025114 (vdb-entry, x_refsource_SECTRACK)
20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch (x_refsource_CISCO, vendor-advisory)
telepresence-java-unauth-access(65602) (vdb-entry, x_refsource_XF)
1025113 (vdb-entry, x_refsource_SECTRACK)