CVE-2016-1387

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.4%

top 19.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence TC Software

Timeline

PublishedMay 5

Latest updateMay 17

Description

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/telepresence_tc_software6 versions+5

🔴Vulnerability Details

GHSA

GHSA-p6fp-5rvv-m3w2: The XML API in TelePresence Codec (TC) 7↗2022-05-17

▶

CVEList

CVE-2016-1387: The XML API in TelePresence Codec (TC) 7↗2016-05-05

▶

📋Vendor Advisories

Cisco

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability↗2016-05-04

▶