PT-2016-4754 · Cisco · Telepresence Codec+1

Publicado

2016-05-05

Atualizado

2016-12-01

CVE-2016-1387

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TelePresence Codec (TC) versions 7.2.0 through 7.3.5 Collaboration Endpoint (CE) versions 8.0.0 through 8.1.0

Description The XML API in Cisco TelePresence Software mishandles authentication, allowing remote attackers to execute control commands or make configuration changes via an API request.

Recommendations For TelePresence Codec (TC) versions 7.2.0 through 7.3.5, update to a version that includes the fix for Bug ID CSCuz26935. For Collaboration Endpoint (CE) versions 8.0.0 through 8.1.0, update to a version that includes the fix for Bug ID CSCuz26935.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2016-1387

Produtos afetados

Collaboration Endpoint

Telepresence Codec

PT-2016-4754 · Cisco · Telepresence Codec+1

CVE-2016-1387

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4