CVE-2015-4316

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Video Communication Server (VCS) Expressway version X8.5.2

Description The issue is related to the improper validation of the phone line used for registration in the Mobile and Remote Access (MRA) endpoint-validation feature. This allows remote authenticated users to conduct impersonation attacks via a crafted registration. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to conduct attacks related to creating multiple registration requests.

Recommendations For Cisco TelePresence Video Communication Server (VCS) Expressway version X8.5.2, consider updating to a newer version that addresses the issue, as the current version has a flaw in the MRA endpoint-validation feature that allows impersonation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.