Information disclosure in Cisco Telepresence_video_communication_server_software

CVE-2015-6261

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establish…

Vulnerability class: Information Disclosure

EPSS: 0.002 (35.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1033379 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150825 Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)