Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 Tenable Network Security, Inc.CISCO_TELEPRESENCE_CONDUCTOR_SA_CSCUR05556.NASL
HistoryMar 20, 2015 - 12:00 a.m.

Cisco TelePresence Conductor Login Security Bypass Vulnerability

2015-03-2000:00:00
This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.
www.tenable.com
28

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.7%

JSON

According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains an vulnerability due to inadequate validation of parameters passed during the login process.
A remote attacker, using a crafted request and knowledge of a valid user name, can bypass authentication requirements and login to the system.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81973);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2015-0653");
  script_bugtraq_id(73044);
  script_xref(name:"CISCO-BUG-ID", value:"CSCur05556");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20150311-vcs");

  script_name(english:"Cisco TelePresence Conductor Login Security Bypass Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a security bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cisco TelePresence
Conductor on the remote host contains an vulnerability due to
inadequate validation of parameters passed during the login process.
A remote attacker, using a crafted request and knowledge of a valid
user name, can bypass authentication requirements and login to the
system.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCur05556");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ed34af5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 2.3.1 / 2.4.1 / 3.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_conductor");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.");

  script_dependencies("cisco_telepresence_conductor_detect.nbin");
  script_require_keys("Host/Cisco_TelePresence_Conductor/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

prod = "Cisco TelePresence Conductor";
version = get_kb_item_or_exit("Host/Cisco_TelePresence_Conductor/Version");

# Note that XC3.0PreAlpha2 is listed
# as vuln, but it is not clear what
# such a version would appear like.
if (
  version =~ "^1(\.|$)"        ||
  version =~ "^2\.[0-2](\.|$)" ||
  version =~ "^2\.3(\.0($|[^0-9])|$)"
)
  fix = '2.3.1';
else if (
  version =~ "^2\.4(\.0($|[^0-9])|$)"
)
  fix = '2.4.1 / 3.0';
else
  audit(AUDIT_INST_VER_NOT_VULN, prod, version);

if (report_verbosity > 0)
{
  report = '\n  Installed version : ' + version +
           '\n  Fixed versions    : ' + fix +
           '\n';
  security_hole(port:0, extra:report);
}
else security_hole(0);
VendorProductVersionCPE
ciscotelepresence_conductorcpe:/a:cisco:telepresence_conductor

Related

nvd 1
nessus 1
cvelist 1
cve 1
ptsecurity 1
prion 1
cisco 1
securityvulns 1
nvd
nvd
CVE-2015-0653
2015-03-13 01:59:32
nessus
nessus
Cisco TelePresence VCS / Expressway Series < 7.2.4 / 8.1.2 / 8.2.2 Login Security Bypass Vulnerability
2015-03-20 00:00:00
cvelist
cvelist
CVE-2015-0653
2015-03-13 01:00:00
cve
cve
CVE-2015-0653
2015-03-13 01:59:32
ptsecurity
ptsecurity
PT-2014-26: Authentication Bypass in Cisco TelePresence VCS, Cisco Expressway, and Cisco TelePresence Conductor
2014-09-25 00:00:00
prion
prion
Authentication flaw
2015-03-13 01:59:00
cisco
cisco
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor
2015-03-11 16:00:00
securityvulns
securityvulns
Cisco Telepresence / Cisco Expressway security vulnerabilities
2015-03-16 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for CISCO_TELEPRESENCE_CONDUCTOR_SA_CSCUR05556.NASL
nvd1nessus1cvelist1cve1ptsecurity1prion1cisco1securityvulns1