CiscoCISCO-SA-20190206-TMS-SOAPCisco TelePresence Management Suite Web Services
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
49.1%
Cisco TelePresence Management Suite (TMS) software implements a Simple Object Access Protocol (SOAP) interface that by design allows unauthenticated access to web services designed to provide management features to devices.
At first publication of the advisory, the management feature was not documented and may have represented unknown risks to customers implementing the feature within their environments. Customers should refer to page 18 of the Cisco TMS Admin Guide [“https://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/tms/admin_guide/Cisco-TMS-Admin-Guide-15-11.pdf#page=18”] for additional information that documents the management feature.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap”]
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
49.1%