CVE-2016-1387

CRITICAL

Cisco TelePresence Software - RCE

Title source: llm

Description

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0144
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-287
Status draft

Affected Products (6)

cisco/telepresence_tc_software
cisco/telepresence_tc_software
cisco/telepresence_tc_software
cisco/telepresence_tc_software
cisco/telepresence_tc_software
cisco/telepresence_tc_software

Timeline

Published May 05, 2016
Tracked Since Feb 18, 2026