CVE-2019-1660

MEDIUM

Cisco TelePresence Management Suite - Unauthenticated Improper Access Control via SOAP Interface

Title source: llm

Description

A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106918

Scores

CVSS v3 5.3
EPSS 0.0221
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-264 CWE-284
Status published
Products (8)
cisco/telepresence_management_suite 15.0
cisco/telepresence_management_suite 15.1
cisco/telepresence_management_suite 15.2.1
cisco/telepresence_management_suite 15.3
cisco/telepresence_management_suite 15.4
cisco/telepresence_management_suite 15.5
cisco/telepresence_management_suite 15.6
cisco/telepresence_management_suite 15.7
Published Feb 07, 2019
Tracked Since Feb 18, 2026