CVE Vulnerabilities

CVE-2015-0653

Improper Authentication

Published: Mar 13, 2015 | Modified: Jun 11, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Expressway_software Cisco x7.2 (including) x7.2.4 (excluding)
Expressway_software Cisco x8.1 (including) x8.1.2 (excluding)
Expressway_software Cisco x8.2 (including) x8.2.2 (excluding)
Telepresence_conductor Cisco x2.3 (including) x2.3.1 (excluding)
Telepresence_conductor Cisco xc2.4 (including) xc2.4.1 (excluding)
Telepresence_video_communication_server_software Cisco x7.2 (including) x7.2.4 (excluding)
Telepresence_video_communication_server_software Cisco x8.1 (including) x8.1.2 (excluding)
Telepresence_video_communication_server_software Cisco x8.2 (including) x8.2.2 (excluding)

Potential Mitigations

References