Cisco: CISCO-SA-20150211-CVE-2015-0611
History: Feb 11, 2015 - 10:52 p.m.

Cisco TelePresence IX5000 Series Web Management Vulnerability

2015-02-11 22:52:17
tools.cisco.com

CVSS2: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.003
Percentile: 68.1%

A vulnerability in the administrative web management portal of Cisco TelePresence IX5000 Series devices could allow an authenticated, remote attacker to gain unauthorized access to certain pages in the web interface.

The vulnerability is due to a failure to properly restrict access given to the device recovery account. An attacker could exploit this vulnerability by authenticating with the affected account. Successful exploitation could allow the attacker to gain privileges equal to the HelpDesk account on the administrative web interface.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must authenticate with the recovery account on the targeted device. This requirement may reduce the likelihood of a successful exploit.

Affected configurations

Vendor: cisco
Product: telepresence_system_software
Version: any
CPE: cpe:2.3:a:cisco:telepresence_system_software:any:*:*:*:*:*:*:*
