SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Cisco TelePresence Vendors:   Cisco
Cisco TelePresence Codec and Collaboration Endpoint XML API Bug Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1035744
SecurityTracker URL:  http://securitytracker.com/id/1035744
CVE Reference:   CVE-2016-1387   (Links to External Site)
Date:  May 4 2016
Impact:   Execution of arbitrary code via network, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5; CE 8.0.0, 8.0.1, 8.1.0
Description:   A vulnerability was reported in Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE). A remote user can bypass authentication.

A remote user can send a specially crafted HTTP request to the target XML API to bypass authentication and modify the configuration or execute control commands.

The following models are affected:

TelePresence EX Series
TelePresence Integrator C Series
TelePresence MX Series
TelePresence Profile Series
TelePresence SX Series
TelePresence SX Quick Set Series
TelePresence VX Clinical Assistant
TelePresence VX Tactical

The vendor has assigned bug ID CSCuz26935 to this vulnerability.

Impact:   A remote user can modify the configuration or execute control commands.
Solution:   The vendor has issued a fix (TC 7.3.6; CE 8.1.1).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC