Auth bypass in Cisco Telepresence_manager

CVE-2011-0380

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.

Vulnerability class: Broken Authentication

EPSS: 0.005 (64.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_manager — versions 1.2.0.0, 1.3.2, 1.4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

telepresence-soap-security-bypass(65618) (vdb-entry, x_refsource_XF)
46526 (vdb-entry, x_refsource_BID)
1025111 (vdb-entry, x_refsource_SECTRACK)
20110223 Multiple Vulnerabilities in Cisco TelePresence Manager (x_refsource_CISCO, vendor-advisory, Vendor Advisory)