Auth bypass in Cisco Telepresence_recording_server

CVE-2011-0392

Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.

Vulnerability class: Broken Authentication

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_recording_server
Cisco Telepresence_recording_server_software — versions 1.6.1, 1.6.2, 1.6.3
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

telepresence-xmlrpc-security-bypass(65609) (vdb-entry, x_refsource_XF)
20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1025114 (vdb-entry, x_refsource_SECTRACK)
46522 (vdb-entry, x_refsource_BID)