Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Manager Mobile and Remote Access Services Identity Attack Vulnerability

cisco-sa-20151209-ucm · Medium · Published · Updated

A vulnerability in edge devices of the Cisco Unified Communications Manager using Mobile and Remote Access (MRA) services could allow an unauthenticated, remote attacker to perform an identity theft attack. The vulnerability is due to improper identity validation of the edge devices. An attacker could exploit this vulnerability by spoofing a user's identity and taking ownership of the edge device. A successful exploit will allow the attacker to setup and receive voice calls acting as the registered user of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ucm

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2015-6410
Cisco Bug IDsCSCuu97283
CVSS ScoreBase 4.0
Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco TelePresence Video Communication Server (VCS)

Related Products

Product CVE Evidence
Cisco Unified Communications Manager CVE-2015-6410 Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) CVE-2015-6410 Cisco OpenVuln
Cisco TelePresence CVE-2015-6410 Cisco OpenVuln