CiscoCISCO-SA-20150714-CVE-2015-4271Cisco TelePresence Integrator C Series Multiple Request Parameter Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
55.3%
A vulnerability in Cisco TelePresence Integrator C Series could allow an unauthenticated, remote attacker to bypass authentication.
The vulnerability is due to insufficient validation of user-supplied values. An attacker could exploit this vulnerability by sending multiple request parameters to an affected device.
Cisco has confirmed the vulnerability and released software updates.
A successful exploit of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the targeted device. If successful, the attacker could have the ability to conduct further attacks, which may impact the confidentiality, integrity, or availability of the device.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | telepresence_tc_software | any | cpe:2.3:a:cisco:telepresence_tc_software:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
55.3%