PT-2019-1380 · Cisco · Cisco Telepresence Management Suite

Publicado

2019-02-06

Atualizado

2019-10-09

CVE-2019-1660

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Management Suite (TMS) software (affected versions not specified)

Description A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The issue is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this by sending crafted SOAP calls to the affected device, potentially allowing access to system management tools, which should normally be prohibited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-264

Identificadores relacionados

BDU:2019-00742

CVE-2019-1660

Produtos afetados

Cisco Telepresence Management Suite

PT-2019-1380 · Cisco · Cisco Telepresence Management Suite

CVE-2019-1660

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5