Cisco-SA-20150714-CVE-2015-4271

Cisco TelePresence Integrator C Series Multiple Request Parameter Vulnerability

Cisco-SA-20150714-CVE-2015-4271 · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in Cisco TelePresence Integrator C Series could allow an unauthenticated, remote attacker to bypass authentication. The vulnerability is due to insufficient validation of user-supplied values. An attacker could exploit this vulnerability by sending multiple request parameters to an affected device. Cisco has confirmed the vulnerability and released software updates. A successful exploit of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the targeted device. If successful, the attacker could have the ability to conduct further attacks, which may impact the confidentiality, integrity, or availability of the device. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2015-4271
Cisco Bug IDs	CSCuv00604
CVSS Score	Base 6.4 Base 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco TelePresence TC Software

Related Products

Product	CVE	Evidence
Cisco TelePresence TC Software	CVE-2015-4271	Cisco OpenVuln
Cisco TelePresence	CVE-2015-4271	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco TelePresence Integrator C Series Multiple Request Parameter Vulnerability

Workarounds

Related Products