CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-0653

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile40.85th
Published2015年3月13日
Last Modified2026年5月6日

Vulnerability Description

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

Affected Platforms (CPE)

📦
Cisco

Expressway Software

>= x7.2 and < x7.2.4
📦
Cisco

Expressway Software

>= x8.1 and < x8.1.2
📦
Cisco

Expressway Software

>= x8.2 and < x8.2.2
📦
Cisco

Telepresence Conductor

>= x2.3 and < x2.3.1
📦
Cisco

Telepresence Conductor

>= xc2.4 and < xc2.4.1
📦
Cisco

Telepresence Video Communication Server Software

>= x7.2 and < x7.2.4
📦
Cisco

Telepresence Video Communication Server Software

>= x8.1 and < x8.1.2
📦
Cisco

Telepresence Video Communication Server Software

>= x8.2 and < x8.2.2

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
🔗 http://www.securitytracker.com/id/1031910
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
🔗 http://www.securitytracker.com/id/1031910

関連する脆弱性情報

CVE-2017-37908.6

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) s...

CVE-2014-33687.8

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial o...

CVE-2014-33707.1

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial...

CVE-2014-33697.1

The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remo...