CVE-2015-4319

CWE-2554 documents4 sources

Severity

5.5MEDIUM

EPSS

0.6%

top 30.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedAug 20

Latest updateMay 17

Description

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.1

🔴Vulnerability Details

GHSA

GHSA-c273-jjf4-fr9f: The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2022-05-17

▶

CVEList

CVE-2015-4319: The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2015-08-20

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway Access Vulnerability↗2015-08-14

▶