CVE-2015-0653

Cisco Expressway/TelePresence Unauthenticated Authentication Bypass via Crafted Login

Title source: llm

Description

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031910

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

Scores

EPSS 0.0434

EPSS Percentile 90.0%

Details

CWE

CWE-287

Status published

Products (3)

cisco/expressway_software x7.2 - x7.2.4

cisco/telepresence_conductor x2.3 - x2.3.1

cisco/telepresence_video_communication_server_software x7.2 - x7.2.4

Published Mar 13, 2015

Tracked Since Feb 18, 2026