CVE-2015-4319

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) Expressway version X8.5.1

Description The issue is related to improper authorization in the password-change feature of the administrative web interface, allowing remote authenticated users to reset arbitrary active-user passwords. This is due to errors in handling registration data.

Recommendations For Cisco TelePresence Video Communication Server (VCS) Expressway version X8.5.1, consider disabling the password-change feature in the administrative web interface until a patch is available. Restrict access to the administrative web interface to minimize the risk of exploitation. Avoid using the password-change feature for arbitrary active-user passwords until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.