CVE-2011-0378 Details

Published: 2011-02-25
Last Modified: 2011-03-31
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.

Analysis
Common Vulnerability Score System v2.0
Severity: High
Base Score: 8.3/10
Exploit Score: 6.5/10
Access Vector: Adjacent_network
Access Complexity: Low
Authentication: None
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete
Vector String: AV:A/AC:L/Au:N/C:C/I:C/A:C
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:cisco:telepresence_system_1000:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:cisco:telepresence_system_1100:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.2.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.3.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:cisco:telepresence_system_3000:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:cisco:telepresence_system_1300_series:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:* No - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:* No - -
cpe:2.3:h:cisco:telepresence_system_3200_series:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.4.7:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.10:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:cisco:telepresence_system_software:1.5.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:cisco:telepresence_system_500_series:*:*:*:*:*:*:*:* Yes - -
References

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml
http://www.securitytracker.com/id?1025112

PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-78
