6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.2%
A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol.
The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability by accessing the PAM API. An exploit could allow the attacker to access the PAM API without authentication.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco media origination system suite software | eq | any | |
cisco media origination system suite software | eq | any |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.2%