Detections
Analytics
Cisco TelePresence TC Software Parameter Authentication Bypass (CSCuv00604)
medium Nessus Plugin ID 85895
Language:
Synopsis
The remote host is missing a vendor-supplied security patch.Description
The version of Cisco TelePresence TC software running on the remote host is affected by an unspecified flaw due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to bypass authentication mechanisms by sending multiple request parameters to the affected host.Solution
Apply the appropriate patch referenced in Cisco bug ID CSCuv00604.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=39880
Plugin Details
Severity: Medium
ID: 85895
File Name: cisco-CSCuv00604-tc.nasl
Version: 1.4
Type: remote
Family: CISCO
Published: 9/10/2015
Updated: 7/2/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/a:cisco:telepresence_tc_software
Required KB Items: Cisco/TelePresence_MCU/Device, Cisco/TelePresence_MCU/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 7/14/2015
Vulnerability Publication Date: 7/14/2015
Reference Information
CVE: CVE-2015-4271
BID: 75939
CISCO-BUG-ID: CSCuv00604