CVE-2015-0611

Name of the Vulnerable Software and Affected Versions Cisco TelePresence IX5000 devices with Cisco IX 8 versions prior to 8.0.1

Description The administrative web-management portal does not properly restrict the device-recovery account's access. This allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication.

Recommendations For Cisco TelePresence IX5000 devices with Cisco IX 8 versions prior to 8.0.1, update to a version later than 8.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the device-recovery account to minimize the risk of exploitation.