Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability

A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol.

The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability by accessing the PAM API. An exploit could allow the attacker to access the PAM API without authentication.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp”]