CVE-2011-2543 - OpenCVE

Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Telepresence C Series Software Telepresence Codec C40 Telepresence Codec C60 Telepresence Codec C90

Configuration 1 [-]

AND

OR	cpe:2.3:h:cisco:telepresence_codec_c40::::::::
	cpe:2.3:h:cisco:telepresence_codec_c60::::::::
	cpe:2.3:h:cisco:telepresence_codec_c90::::::::

OR	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.0:::::::*
	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.1:::::::*
	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.4:::::::*
	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.0:::::::*
	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.1:::::::*
	cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/46057
http://secunia.com/advisories/46109
http://securityreason.com/securityalert/8393
http://securitytracker.com/id?1026072
http://www.exploit-db.com/exploits/17871
http://www.securityfocus.com/archive/1/519698/100/0/threaded
http://www.securityfocus.com/bid/49670
https://exchange.xforce.ibmcloud.com/vulnerabilities/69907

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2011-09-23T10:00:00

Updated: 2024-08-06T23:08:22.015Z

Reserved: 2011-06-27T00:00:00

Link: CVE-2011-2543

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-09-23T10:55:02.693

Modified: 2018-10-09T19:32:42.870

Link: CVE-2011-2543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "49670", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49670"}, {"name": "8393", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8393"}, {"name": "46057", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46057"}, {"name": "46109", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46109"}, {"name": "1026072", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1026072"}, {"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"}, {"name": "17871", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/17871"}, {"name": "cisco-telepresence-getxml-bo(69907)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-2543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49670", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49670"}, {"name": "8393", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8393"}, {"name": "46057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46057"}, {"name": "46109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46109"}, {"name": "1026072", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1026072"}, {"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"}, {"name": "17871", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/17871"}, {"name": "cisco-telepresence-getxml-bo(69907)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:22.015Z"}, "title": "CVE Program Container", "references": [{"name": "49670", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49670"}, {"name": "8393", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8393"}, {"name": "46057", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46057"}, {"name": "46109", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46109"}, {"name": "1026072", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1026072"}, {"name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"}, {"name": "17871", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/17871"}, {"name": "cisco-telepresence-getxml-bo(69907)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-2543", "datePublished": "2011-09-23T10:00:00", "dateReserved": "2011-06-27T00:00:00", "dateUpdated": "2024-08-06T23:08:22.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C5E2223-2180-4D0F-9E34-8AF54DC97FE3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:*:*:*:*:*:*:*:*", "matchCriteriaId": "001596FF-7961-4983-8E1B-E272C94958EB", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBC21F7C-240C-446E-BDF6-3E1AB9B05B4F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "33B45531-86E4-462A-ADCD-AB519E3A7CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "180F6879-05EC-4BEC-92E8-DD55BCB93D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "556BF725-71CD-40B8-BECD-557DC8922E87", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2B10E3F-CE68-4D2E-BC59-C4FAA6675280", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "71A51261-B1D7-4ACA-8399-6BBBB17CDB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_c_series_software:tc4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "321FC6B1-D14C-490C-A1EB-E61F63DFB4F2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el componente cuil de Cisco TelePresence System Integrator de la Serie C 4.x antes de TC4.2.0, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (reinicio de punto final o ca\u00edda del proceso) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro location largo en el programa GetXml, tambi\u00e9n conocido como Bug ID CSCtq46496."}], "id": "CVE-2011-2543", "lastModified": "2018-10-09T19:32:42.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-23T10:55:02.693", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46057"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46109"}, {"source": "ykramarz@cisco.com", "url": "http://securityreason.com/securityalert/8393"}, {"source": "ykramarz@cisco.com", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1026072"}, {"source": "ykramarz@cisco.com", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/17871"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/49670"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69907"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}