Vulnerability in Cisco Mediasense
CVE-2014-0672
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.
EPSS: 0.005 (66.4th percentile) — read the EPSS interpretation.
Affected products
- Cisco Mediasense
- N/a — versions n/a
Weakness classification (CWE)
References
- 1029668 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 102342 (x_refsource_OSVDB, vdb-entry, Broken Link)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- cisco-mediasense-cve20140672-info-disc(90616) (vdb-entry, x_refsource_XF)
- 56600 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
- 65054 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 20140121 Cisco MediaSense Search and Play Authorization Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)