CVE-2016-1387 Information

Description

The XML API in TelePresence Codec (TC) 7.2.0 7.2.1 7.3.0 7.3.1 7.3.2 7.3.3 7.3.4 and 7.3.5 and Collaboration Endpoint (CE) 8.0.0 8.0.1 and 8.1.0 in Cisco TelePresence Software mishandles authentication which allows remote attackers to execute control commands or make configuration changes via an API request aka Bug ID CSCuz26935.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml http://www.securitytracker.com/id/1035744

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8