CVE-2015-0653

Cisco Expressway Software < x7.2.4 - Authentication Bypass

Title source: rule

Description

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031910

Scores

EPSS 0.0780

EPSS Percentile 91.8%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

cisco/expressway_software < x7.2.4

cisco/telepresence_conductor < x2.3.1

cisco/telepresence_video_communication_server_software < x7.2.4

Timeline

Published Mar 13, 2015

Tracked Since Feb 18, 2026