{"api_version":"1","generated_at":"2026-05-13T22:30:50+00:00","cve":"CVE-2011-0384","urls":{"html":"https://cve.report/CVE-2011-0384","api":"https://cve.report/api/cve/CVE-2011-0384.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-0384","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-0384"},"summary":{"title":"CVE-2011-0384","description":"The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.","state":"PUBLISHED","assigner":"cisco","published_at":"2011-02-25 12:00:18","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml","name":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - Cisco Systems","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1025113","name":"http://www.securitytracker.com/id?1025113","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco TelePresence Multipoint Switch Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/46520","name":"http://www.securityfocus.com/bid/46520","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco TelePresence Multipoint Switch Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65620","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65620","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-0384","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0384","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"telepresence_multipoint_switch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.0.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.5.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_multipoint_switch_software","cpe6":"1.6.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T21:51:08.923Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"46520","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/46520"},{"name":"cisco-switch-java-unauth-access(65620)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65620"},{"name":"20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"},{"name":"1025113","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1025113"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-02-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"46520","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/46520"},{"name":"cisco-switch-java-unauth-access(65620)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65620"},{"name":"20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"},{"name":"1025113","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1025113"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2011-0384","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"46520","refsource":"BID","url":"http://www.securityfocus.com/bid/46520"},{"name":"cisco-switch-java-unauth-access(65620)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65620"},{"name":"20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch","refsource":"CISCO","url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"},{"name":"1025113","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1025113"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2011-0384","datePublished":"2011-02-25T11:00:00.000Z","dateReserved":"2011-01-07T00:00:00.000Z","dateUpdated":"2024-08-06T21:51:08.923Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-02-25 12:00:18","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.0.4.0:*:*:*:*:*:*:*","matchCriteriaId":"8AD084A4-0AA0-499F-9D2F-9AD0FC87B0B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B862A01F-71E8-412F-AF83-3A64FB7352EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"909CA78F-933F-4C79-8F91-D6B17FCD7093"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6C885CA7-3DCC-4C05-8945-FBF2CD08EACA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4D000335-5F60-49A8-B642-A5BEDC6A6820"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"BBBD9AB4-AC7C-4D3D-AF93-1B9D8AAF31CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.2:*:*:*:*:*:*:*","matchCriteriaId":"D1B8EF29-8A24-47C7-8108-07B27AF0FDC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.3:*:*:*:*:*:*:*","matchCriteriaId":"D99CDCC2-5373-447E-9AB2-DEDB5C6327D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.4:*:*:*:*:*:*:*","matchCriteriaId":"669BF6F3-CE41-43F2-BB6D-E594EB7CFCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"606E06B8-B00B-4EE1-A763-A62C9105C5E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.5.6:*:*:*:*:*:*:*","matchCriteriaId":"CECA0482-FD41-46E7-A8F9-54BC665A83FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E431D427-EA04-4296-BB23-D638ADA1FF8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B70A01B1-CE17-47BF-9035-7168DF790125"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"F0A9D905-3740-4B9D-A26C-DFA6CBD2D154"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"69F84CF3-ED9D-4962-8930-ACB5319AFF6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_multipoint_switch_software:1.6.4:*:*:*:*:*:*:*","matchCriteriaId":"260AD1B1-D5F3-433D-8B82-DF17197031C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:telepresence_multipoint_switch:*:*:*:*:*:*:*:*","matchCriteriaId":"2DC3BECB-61EE-4668-B139-D46BCF5E0F69"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"384","Ordinal":"1","Title":"CVE-2011-0384","CVE":"CVE-2011-0384","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"384","Ordinal":"1","NoteData":"The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.","Type":"Description","Title":"CVE-2011-0384"},{"CveYear":"2011","CveId":"384","Ordinal":"2","NoteData":"2011-02-25","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"384","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}