CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
47.1%
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | telepresence_video_communication_server | x8.1 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.1.1 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.1.2 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.2 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.2.1 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.2.2 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.5 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:rc4:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.5.0 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.5.1 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:*:*:*:* |
cisco | telepresence_video_communication_server | x8.5.2 | cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:*:*:*:* |
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
47.1%