CVE-2019-1660
MEDIUM
Cisco TelePresence Management Suite - Unauthenticated Improper Access Control via SOAP Interface
Title source: llm
Description
A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited.
References (2)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106918
Scores
CVSS v3
5.3
EPSS
0.0221
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-264
CWE-284
Status
published
Products (8)
cisco/telepresence_management_suite 15.0
cisco/telepresence_management_suite 15.1
cisco/telepresence_management_suite 15.2.1
cisco/telepresence_management_suite 15.3
cisco/telepresence_management_suite 15.4
cisco/telepresence_management_suite 15.5
cisco/telepresence_management_suite 15.6
cisco/telepresence_management_suite 15.7
Published
Feb 07, 2019
Tracked Since
Feb 18, 2026