Cisco TelePresence Codec and Collaboration Endpoint XML API Bug Lets Remote Users Bypass Authentication on the Target System
|
SecurityTracker Alert ID: 1035744
SecurityTracker URL: http://securitytracker.com/id/1035744
|
CVE Reference: CVE-2016-1387
|
Date: May 4 2016
|
Impact:
Execution of arbitrary code via network, Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5; CE 8.0.0, 8.0.1, 8.1.0
|
Description:
A vulnerability was reported in Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE). A remote user can bypass authentication.
A remote user can send a specially crafted HTTP request to the target XML API to bypass authentication and modify the configuration or execute control commands.
The following models are affected:
TelePresence EX Series
TelePresence Integrator C Series
TelePresence MX Series
TelePresence Profile Series
TelePresence SX Series
TelePresence SX Quick Set Series
TelePresence VX Clinical Assistant
TelePresence VX Tactical
The vendor has assigned bug ID CSCuz26935 to this vulnerability.
|
Impact:
A remote user can modify the configuration or execute control commands.
|
Solution:
The vendor has issued a fix (TC 7.3.6; CE 8.1.1).
The vendor's advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
|
Cause:
Authentication error