Vulnerability in Cisco Telepresence_video_communication_server_software

CVE-2015-4319

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-u…

EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

76366 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1033323 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150814 Cisco TelePresence Video Communication Server Expressway Access Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)