CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
68.1%
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account’s access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_system_software_ix | 8.0.0 | cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.0:*:*:*:*:*:*:* |
cisco | telepresence_system_software_ix | 8.0.1 | cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.1:*:*:*:*:*:*:* |
cisco | telepresence_ix5000 | * | cpe:2.3:h:cisco:telepresence_ix5000:*:*:*:*:*:*:*:* |
cisco | telepresence_ix5200 | * | cpe:2.3:h:cisco:telepresence_ix5200:*:*:*:*:*:*:*:* |