Authentication flaw

2016-07-0714:59:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

CPENameOperatorVersion
telepresence_video_communication_servereq8.1.1120
telepresence_video_communication_servereq8.7.120
telepresence_video_communication_servereq8.5.2120
telepresence_video_communication_servereq8.2.1120
telepresence_video_communication_servereq8.2.2120
telepresence_video_communication_servereq8.1.2120
telepresence_video_communication_servereq8.5.1120
telepresence_video_communication_servereq8.6.120
telepresence_video_communication_servereqx8.5 rc4
telepresence_video_communication_servereq8.6.1120

Name	Operator	Version
telepresence_video_communication_server	eq	8.1.1120
telepresence_video_communication_server	eq	8.7.120
telepresence_video_communication_server	eq	8.5.2120
telepresence_video_communication_server	eq	8.2.1120
telepresence_video_communication_server	eq	8.2.2120
telepresence_video_communication_server	eq	8.1.2120
telepresence_video_communication_server	eq	8.5.1120
telepresence_video_communication_server	eq	8.6.120
telepresence_video_communication_server	eq	x8.5 rc4
telepresence_video_communication_server	eq	8.6.1120