Cisco TelePresence Multipoint Switch < 1.7.0 Multiple Vulnerabilities (cisco-sa-20110223-telepresence-ctms)

critical Nessus Plugin ID 60139

Synopsis

The videoconferencing switch running on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Cisco TelePresence Multipoint Switch running on the remote host is earlier than 1.7.0 and, therefore, has the following vulnerabilities:

- Servlets used to perform administrative actions are accessible without authentication. (CVE-2011-0383, CVE-2011-0384, CVE-2011-0387)

- Unauthenticated attackers can upload files to arbitrary locations. (CVE-2011-0385)

- An unauthenticated attacker on the same network segment could send a malicious Cisco Discovery Protocol packet, resulting in a buffer overflow. (CVE-2011-0379)

- Java RMI access is not properly restricted, which could allow an unauthenticated, remote attacker to cause a denial of service. (CVE-2011-0388)

- Receiving a malicious RTCP packet could cause the call control process to crash. (CVE-2011-0389)

A remote, unauthenticated attacker could potentially exploit the most severe of these vulnerabilities to take complete control of the host.

Solution

Upgrade to Cisco TelePresence Multipoint Switch 1.7.0 or later.

See Also

http://www.nessus.org/u?b9fd7a15

Plugin Details

Severity: Critical

ID: 60139

File Name: cisco_tms_web_1_7_0.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 7/27/2012

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_multipoint_switch_software

Required KB Items: www/cisco_tms

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/23/2011

Vulnerability Publication Date: 2/23/2011

Reference Information

CVE: CVE-2011-0379, CVE-2011-0383, CVE-2011-0384, CVE-2011-0385, CVE-2011-0387, CVE-2011-0388, CVE-2011-0389

BID: 46514, 46516, 46519, 46520, 46523