| |
Vulnerability CVE-2016-1387
Published: 2016-05-05
| Description: |
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. |
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
9/10 |
8.5/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Complete |
References: |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
