PT-2016-4754 · Cisco · Telepresence Codec+1

Published

2016-05-05

Updated

2016-12-01

CVE-2016-1387

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TelePresence Codec (TC) versions 7.2.0 through 7.3.5 Collaboration Endpoint (CE) versions 8.0.0 through 8.1.0

Description The XML API in Cisco TelePresence Software mishandles authentication, allowing remote attackers to execute control commands or make configuration changes via an API request.

Recommendations For TelePresence Codec (TC) versions 7.2.0 through 7.3.5, update to a version that includes the fix for Bug ID CSCuz26935. For Collaboration Endpoint (CE) versions 8.0.0 through 8.1.0, update to a version that includes the fix for Bug ID CSCuz26935.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2016-1387

Affected Products

Collaboration Endpoint

Telepresence Codec

PT-2016-4754 · Cisco · Telepresence Codec+1

CVE-2016-1387

Weakness Enumeration

Related Identifiers

Affected Products

References · 4