Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TelePresence Server API Privilege Vulnerability

cisco-sa-20170315-tps · Medium · Published · Updated

A vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. The vulnerability is due to how session identification information is maintained by a specific API of the affected software. An attacker could exploit this vulnerability by snooping temporary, unencrypted keys on an affected system. A successful exploit could allow the attacker to emulate a Cisco TelePresence Server endpoint. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-3815
Cisco Bug IDsCSCvc37616
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco TelePresence Server Software, Cisco TelePresence Server

Related Products

Product CVE Evidence
Cisco TelePresence Server Software CVE-2017-3815 Cisco OpenVuln
Cisco TelePresence Server CVE-2017-3815 Cisco OpenVuln
Cisco TelePresence CVE-2017-3815 Cisco OpenVuln