Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-0653

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

Published

2015-03-13T01:59:32.427

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	expressway_software	< x7.2.4	Yes
Application	cisco	expressway_software	< x8.1.2	Yes
Application	cisco	expressway_software	< x8.2.2	Yes
Application	cisco	telepresence_conductor	< x2.3.1	Yes
Application	cisco	telepresence_conductor	< xc2.4.1	Yes
Application	cisco	telepresence_video_communication_server_software	< x7.2.4	Yes
Application	cisco	telepresence_video_communication_server_software	< x8.1.2	Yes
Application	cisco	telepresence_video_communication_server_software	< x8.2.2	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1031910 Third Party Advisory, VDB Entry ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1031910 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)