CVE-2015-0653

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) versions prior to X7.2.4 Cisco TelePresence Video Communication Server (VCS) versions X8 prior to X8.1.2 Cisco TelePresence Video Communication Server (VCS) versions X8.2 prior to X8.2.2 Cisco Expressway versions prior to X7.2.4 Cisco Expressway versions X8 prior to X8.1.2 Cisco Expressway versions X8.2 prior to X8.2.2 Cisco TelePresence Conductor versions prior to X2.3.1 Cisco TelePresence Conductor versions XC2.4 prior to XC2.4.1

Description The management interface in the affected software allows remote attackers to bypass authentication via crafted login parameters. This is due to deficiencies in the authentication procedure. An attacker can exploit this issue to gain access to the device using a specially formed username.

Recommendations For Cisco TelePresence Video Communication Server (VCS) versions prior to X7.2.4, update to version X7.2.4 or later. For Cisco TelePresence Video Communication Server (VCS) versions X8 prior to X8.1.2, update to version X8.1.2 or later. For Cisco TelePresence Video Communication Server (VCS) versions X8.2 prior to X8.2.2, update to version X8.2.2 or later. For Cisco Expressway versions prior to X7.2.4, update to version X7.2.4 or later. For Cisco Expressway versions X8 prior to X8.1.2, update to version X8.1.2 or later. For Cisco Expressway versions X8.2 prior to X8.2.2, update to version X8.2.2 or later. For Cisco TelePresence Conductor versions prior to X2.3.1, update to version X2.3.1 or later. For Cisco TelePresence Conductor versions XC2.4 prior to XC2.4.1, update to version XC2.4.1 or later.