Multiple Vulnerabilities in Cisco TelePresence Products

Posted: 24/2/11 by komz in Etiquetas: , ,
0

There are multiple vulnerabilities in Cisco TelePresence products:


1. Cisco TelePresence Endpoint Devices
Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices

Unauthenticated CGI Access: This vulnerability can be exploited remotely without authentication and without end-user interaction. Successful exploitation of this vulnerability may allow arbitrary code execution. The attack vector for exploitation is through HTTP packets using TCP port 8082. This vulnerability has been assigned CVE identifier CVE-2011-0372.

2. Cisco TelePresence Manager
Multiple Vulnerabilities in Cisco TelePresence Manager
 
SOAP Authentication Bypass: This vulnerability can be exploited remotely without authentication and without end-user interaction. Successful exploitation of this vulnerability may allow elevation of privilege. The attack vector for exploitation is through malformed SOAP packets using TCP ports 8080 and 8443. This vulnerability has been assigned CVE identifier CVE-2011-0380.

3. Cisco TelePresence Multipoint Switch
 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

Unauthenticated Java Servlet Access: These vulnerabilities can be exploited remotely without authentication and without end-user interaction. Successful exploitation of these vulnerabilities may allow elevation of privileges. The attack vector for exploitation is through crafted HTTP packets using TCP ports 80 and 8080 and SSL packets using TCP port 443. These vulnerabilities have been assigned CVE identifiers CVE-2011-0383 and CVE-2011-0384.

4. Cisco TelePresence Recording Server
Multiple Vulnerabilities in Cisco TelePresence Recording Server
 
Unauthenticated Java Servlet Access: This vulnerability can be exploited remotely without authentication and without end-user interaction. Successful exploitation of this vulnerability may allow elevation of privileges. The attack vector for exploitation is through crafted HTTP packets using TCP ports 80 and 8080 and SSL packets using TCP port 443. This vulnerability has been assigned CVE identifier CVE-2011-0383.

 

fuente: cisco.com

0 comentarios: