RCE in Cisco Telepresence_recording_server

CVE-2011-0386

The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSC…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.032 (87.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_recording_server
Cisco Telepresence_recording_server_software — versions 1.6.1, 1.6.2, 1.6.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
telepresence-xmlrpc-file-overwrite(65605) (vdb-entry, x_refsource_XF)
1025114 (vdb-entry, x_refsource_SECTRACK)
46522 (vdb-entry, x_refsource_BID)