var-201605-0549
Vulnerability from variot

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz26935. A third party may be able to execute control commands or change settings via API requests. Cisco TelePresence Software is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuz26935. The vendor advisory is cisco-sa-20160504-tpxml (listed under "patch" in the record below). This issue affects Cisco TelePresence Software versions TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products: TelePresence EX Series, TelePresence Integrator C Series, TelePresence MX Series, TelePresence Profile Series, TelePresence SX Series, TelePresence SX Quick Set Series, TelePresence VX Clinical Assistant, and TelePresence VX Tactical.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0549",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.2.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.2.1"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.1"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.2"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.3"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.0.0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.0.1"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.3.4"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.3.5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:telepresence_ce_software",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:cisco:telepresence_tc_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "89912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-1387",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1387",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-90206",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1387",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1387",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1387",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-109",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90206",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz26935. A third party may be able to execute control commands or change settings via API requests. Cisco TelePresence Software is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCuz26935. \nThis issue affects Cisco TelePresence Software versions TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products:\nTelePresence EX Series\nTelePresence Integrator C Series\nTelePresence MX Series\nTelePresence Profile Series\nTelePresence SX Series\nTelePresence SX Quick Set Series\nTelePresence VX Clinical Assistant\nTelePresence VX Tactical",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "BID",
        "id": "89912"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1387",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1035744",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "89912",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-90206",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "db": "BID",
        "id": "89912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "id": "VAR-201605-0549",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:13:18.708000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160504-tpxml",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
      },
      {
        "title": "Cisco TelePresence Codec  and Collaboration Endpoint Software Fixes for authentication bypassing vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61432"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-tpxml"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035744"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1387"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1387"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "db": "BID",
        "id": "89912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "db": "BID",
        "id": "89912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "BID",
        "id": "89912"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "date": "2016-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "date": "2016-05-05T21:59:04.423000",
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90206"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "BID",
        "id": "89912"
      },
      {
        "date": "2016-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      },
      {
        "date": "2024-11-21T02:46:20.900000",
        "db": "NVD",
        "id": "CVE-2016-1387"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Software TC and CE XML API vulnerability allowing execution of control commands",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002464"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-109"
      }
    ],
    "trust": 0.6
  }
}

