1. Home
  2. CVE Database
  3. CVE-2011-0384
HIGH · 10.0

CVE-2011-0384

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, w...

Vulnerability Description

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoTelepresence Multipoint Switch Software1.0.4.0
CiscoTelepresence Multipoint SwitchAll versions

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2011-0384?

CVE-2011-0384 is a vulnerability with a CVSS score of 10.0 (HIGH). The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, w...

How severe is CVE-2011-0384?

CVE-2011-0384 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0384?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence Multipoint Switch Software, Cisco Telepresence Multipoint Switch.