Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability

Information

Severity

Severity

Critical

Family

Family

CISCO

CVSSv2 Base

CVSSv2 Base

9.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software are vulnerable to a vulnerability in the XML application programming interface (API) which could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API

Insight

Insight

The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API.

Affected Software

Affected Software

This vulnerability affects Cisco TelePresence Software releases TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products: - TelePresence EX Series - TelePresence Integrator C Series - TelePresence MX Series - TelePresence Profile Series - TelePresence SX Series - TelePresence SX Quick Set Series - TelePresence VX Clinical Assistant - TelePresence VX Tactical

Detection Method

Detection Method

The script detects the firmware version.

Solution

Solution

Update to version 7.3.6, 8.1.1 or later.

Common Vulnerabilities and Exposures (CVE)