CVE-2015-6410

CWE-20Improper Input Validation5 documents5 sources
Severity
4.0MEDIUM
EPSS
0.2%
top 60.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Telepresence Video Communication Server Software
Timeline
PublishedDec 14
Latest updateMay 17

Description

The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-vjgm-xxw7-95f8: The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which a2022-05-17
CVEList
CVE-2015-6410: The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which a2015-12-14
OSV
nbd vulnerabilities2015-07-22

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Mobile and Remote Access Services Identity Attack Vulnerability2015-12-09
CVE-2015-6410 (MEDIUM CVSS 4) | The Mobile and Remote Access (MRA) | cvebase.io