Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2016-1387
HistoryMay 05, 2016 - 9:59 p.m.

CVE-2016-1387

2016-05-0521:59:04
CWE-287
cisco
web.nvd.nist.gov
36
telepresence codec
collaboration endpoint
authentication
remote attackers
control commands
configuration changes
api request
nvd
cve-2016-1387
cisco telepresence software

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

Affected configurations

Nvd
Node
ciscotelepresence_tc_softwareMatch7.2.0
OR
ciscotelepresence_tc_softwareMatch7.2.1
OR
ciscotelepresence_tc_softwareMatch7.3.0
OR
ciscotelepresence_tc_softwareMatch7.3.1
OR
ciscotelepresence_tc_softwareMatch7.3.2
OR
ciscotelepresence_tc_softwareMatch7.3.3
VendorProductVersionCPE
ciscotelepresence_tc_software7.2.0cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*
ciscotelepresence_tc_software7.2.1cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*
ciscotelepresence_tc_software7.3.0cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*
ciscotelepresence_tc_software7.3.1cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*
ciscotelepresence_tc_software7.3.2cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*
ciscotelepresence_tc_software7.3.3cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
cisco 1
openvas 1
nvd 1
nessus 1
threatpost 1
cvelist
cvelist
CVE-2016-1387
2016-05-05 21:00:00
prion
prion
Command injection
2016-05-05 21:59:00
cisco
cisco
Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
2016-05-04 16:00:00
openvas
openvas
Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability (cisco-sa-20160504-tpxml)
2016-05-13 00:00:00
nvd
nvd
CVE-2016-1387
2016-05-05 21:59:04
nessus
nessus
Cisco TelePresence XML API HTTP Request Handling Authentication Bypass (cisco-sa-20160504-tpxml)
2016-05-13 00:00:00
threatpost
threatpost
Cisco Issues Critical Security Warning Tied to TelePresence Hardware
2016-05-04 17:17:04

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON
Related for CVE-2016-1387
cvelist1prion1cisco1openvas1nvd1nessus1threatpost1