An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Telepresence_server_software | Cisco | 4.2(4.17) (including) | 4.2(4.17) (including) |
Telepresence_server_software | Cisco | 4.2(4.18) (including) | 4.2(4.18) (including) |
Telepresence_server_software | Cisco | 4.2(4.19) (including) | 4.2(4.19) (including) |