CVE-2016-1387
CRITICALCisco TelePresence TC and CE Software - Improper Authentication via XML API
Title source: llmDescription
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035744
Scores
CVSS v3
9.8
EPSS
0.0178
EPSS Percentile
75.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (6)
cisco/telepresence_tc_software
7.2.0
cisco/telepresence_tc_software
7.2.1
cisco/telepresence_tc_software
7.3.0
cisco/telepresence_tc_software
7.3.1
cisco/telepresence_tc_software
7.3.2
cisco/telepresence_tc_software
7.3.3
Published
May 05, 2016
Tracked Since
Feb 18, 2026