Auth bypass in Cisco Expressway_software

CVE-2015-0653

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows rem…

Vulnerability class: Broken Authentication

EPSS: 0.078 (92.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Expressway_software
Cisco Telepresence_conductor
Cisco Telepresence_video_communication_server_software
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

1031910 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150311 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor (x_refsource_CISCO, vendor-advisory, Vendor Advisory)