SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Cisco TelePresence Vendors:   Cisco
Cisco TelePresence Video Communication Server Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1036237
SecurityTracker URL:  http://securitytracker.com/id/1036237
CVE Reference:   CVE-2016-1444   (Links to External Site)
Date:  Jul 7 2016
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X8.1 and after
Description:   A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can bypass authentication.

A remote user with a trusted certificate can exploit a certificate management and validation flaw in the Mobile and Remote Access (MRA) feature to bypass authentication on the target system and access internal web resources.

Cisco Expressway Series is also affected.

The vendor has assigned bug ID CSCuz64601 to this vulnerability.

Impact:   A remote user can bypass authentication and access internal web resources on the target system.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC