RCE in Cisco Telepresence_recording_server

CVE-2012-3076

The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (70.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_recording_server — versions 1.6.1\(2\), 1.6.2\(31\), 1.6.3\(4\)
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

20120711 Multiple Vulnerabilities in Cisco TelePresence Recording Server (x_refsource_CISCO, vendor-advisory, Vendor Advisory)