Lucene search

K

[email protected]NVD:CVE-2015-0653

HistoryMar 13, 2015 - 1:59 a.m.

CVE-2015-0653

2015-03-1301:59:32

CWE-287

[email protected]

web.nvd.nist.gov

1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

Affected configurations

NVD

Node

ciscoexpressway_softwareRangex7.2–x7.2.4

OR

ciscoexpressway_softwareRangex8.1–x8.1.2

OR

ciscoexpressway_softwareRangex8.2–x8.2.2

OR

ciscotelepresence_conductorRangex2.3–x2.3.1

OR

ciscotelepresence_conductorRangexc2.4–xc2.4.1

OR

ciscotelepresence_video_communication_server_softwareRangex7.2–x7.2.4

OR

ciscotelepresence_video_communication_server_softwareRangex8.1–x8.1.2

OR

ciscotelepresence_video_communication_server_softwareRangex8.2–x8.2.2

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

www.securitytracker.com/id/1031910

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

Related for NVD:CVE-2015-0653

nessus2 cvelist1 cve1 ptsecurity1 prion1 cisco1 securityvulns1