CVE-2015-4316

CWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.5%
top 36.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Telepresence Video Communication Server Software
Timeline
PublishedAug 20
Latest updateMay 17

Description

The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2mgc-vc9w-hfw7: The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X82022-05-17
CVEList
CVE-2015-4316: The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X82015-08-20

📋Vendor Advisories

1
Cisco
Cisco TelePresence Video Communication Server Expressway Access Vulnerability2015-08-13
CVE-2015-4316 (MEDIUM CVSS 5.5) | The Mobile and Remote Access (MRA) | cvebase.io