English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.107002
Category:CISCO
Title:Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability (cisco-sa-20160504-tpxml)
Summary:Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software are vulnerable to a; vulnerability in the XML application programming interface (API) which could allow an unauthenticated, remote; attacker to bypass authentication and access a targeted system through the API
Description:Summary:
Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software are vulnerable to a
vulnerability in the XML application programming interface (API) which could allow an unauthenticated, remote
attacker to bypass authentication and access a targeted system through the API

Vulnerability Insight:
The vulnerability is due to improper implementation of authentication mechanisms for the XML
API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API.

Vulnerability Impact:
A successful exploit could allow the attacker to perform unauthorized configuration changes
or issue control commands to the affected system by using the API.

Affected Software/OS:
This vulnerability affects Cisco TelePresence Software releases TC 7.2.0, TC 7.2.1, TC 7.3.0,
TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products:

- TelePresence EX Series

- TelePresence Integrator C Series

- TelePresence MX Series

- TelePresence Profile Series

- TelePresence SX Series

- TelePresence SX Quick Set Series

- TelePresence VX Clinical Assistant

- TelePresence VX Tactical

Solution:
Update to version 7.3.6, 8.1.1 or later.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1387
Cisco Security Advisory: 20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
http://www.securitytracker.com/id/1035744
CopyrightCopyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.