CVE-2011-0386 : The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 all

The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.

Published 2011-02-25 12:00:19

Updated 2017-08-17 01:33:28

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2011-0386

Probability of exploitation activity in the next 30 days: 3.52%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-0386

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-0386

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0386

https://exchange.xforce.ibmcloud.com/vulnerabilities/65605

Cisco TelePresence Recording Server XML-RPC file overwrite CVE-2011-0386 Vulnerability Report
http://www.securitytracker.com/id?1025114

Cisco TelePresence Recording Server Bugs Let Remote Users Deny Service and Take Full Control of the Target Device - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/46522

Cisco TelePresence Recording Server Multiple Vulnerabilities

CVEs referencing this url
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml

Multiple Vulnerabilities in Cisco TelePresence Recording Server - Cisco
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2011-0386

Cisco » Telepresence Recording Server Software » Version: 1.6.1
cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*
Matching versions
Cisco » Telepresence Recording Server Software » Version: 1.6.2
cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*
Matching versions
Cisco » Telepresence Recording Server Software » Version: 1.6.3
cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*
Matching versions
Cisco » Telepresence Recording Server Software » Version: 1.7.1
cpe:2.3:a:cisco:telepresence_recording_server_software:1.7.1:*:*:*:*:*:*:*
Matching versions
Cisco » Telepresence Recording Server Software » Version: 1.7.0
cpe:2.3:a:cisco:telepresence_recording_server_software:1.7.0:*:*:*:*:*:*:*
Matching versions
Cisco » Telepresence Recording Server
cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0386

Exploit prediction scoring system (EPSS) score for CVE-2011-0386

CVSS scores for CVE-2011-0386

CWE ids for CVE-2011-0386

References for CVE-2011-0386

Products affected by CVE-2011-0386