CVE-2011-0376

Description

The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

Affected products

• Cisco / telepresence_system_1000
• Cisco / telepresence_system_1100
• Cisco / telepresence_system_1300_series
• Cisco / telepresence_system_3000
• Cisco / telepresence_system_3200_series
• Cisco / telepresence_system_500_series
• Cisco / telepresence_system_software1.5.11 – 1.5.11
• Cisco / telepresence_system_software1.5.12 – 1.5.12
• Cisco / telepresence_system_software1.2.3 – 1.2.3
• Cisco / telepresence_system_software1.6.0 – 1.6.0
• Cisco / telepresence_system_software1.6.1 – 1.6.1
• Cisco / telepresence_system_software1.5.13 – 1.5.13
• Cisco / telepresence_system_software1.3.2 – 1.3.2
• Cisco / telepresence_system_software1.4.7 – 1.4.7
• Cisco / telepresence_system_software1.5.1 – 1.5.1
• Cisco / telepresence_system_software1.5.3 – 1.5.3
• Cisco / telepresence_system_software1.5.10 – 1.5.10

References

• MISChttp://www.securitytracker.com/id?1025112
• VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml