9.8

CVE-2016-1387

EPSS 1.44%
Veröffentlicht 05.05.2016 21:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Telepresence Tc Software Version7.2.0

Cisco ≫ Telepresence Tc Software Version7.2.1

Cisco ≫ Telepresence Tc Software Version7.3.0

Cisco ≫ Telepresence Tc Software Version7.3.1

Cisco ≫ Telepresence Tc Software Version7.3.2

Cisco ≫ Telepresence Tc Software Version7.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.44%	0.789

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	10	8.5	AV:N/AC:L/Au:N/C:P/I:P/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Vendor Advisory

http://www.securitytracker.com/id/1035744

https://nvd.nist.gov/vuln/detail/CVE-2016-1387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1387

EUVD