Vulnerability Details : CVE-2011-0388
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-0388
Probability of exploitation activity in the next 30 days: 0.78%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0388
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2011-0388
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0388
-
http://www.securitytracker.com/id?1025114
Cisco TelePresence Recording Server Bugs Let Remote Users Deny Service and Take Full Control of the Target Device - SecurityTracker
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - CiscoVendor Advisory
-
http://www.securityfocus.com/bid/46523
Cisco TelePresence Multipoint Switch and Recording Server Denial of Service Vulnerability
-
http://www.securitytracker.com/id?1025113
Cisco TelePresence Multipoint Switch Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml
Multiple Vulnerabilities in Cisco TelePresence Recording Server - CiscoVendor Advisory
Products affected by CVE-2011-0388
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_recording_server_software:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:telepresence_recording_server:*:*:*:*:*:*:*:*