Web Management Portal Vulnerability in Cisco TelePresence IX5000 Devices
CVE-2015-0611

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software Ix
Vendor: CVE Published:; 12 February 2015

Summary

The web management portal in Cisco IX 8.0.1 and earlier versions of Cisco TelePresence IX5000 devices is vulnerable due to insufficient restrictions on the device-recovery account's access. This allows remote authenticated users to escalate their privileges to HelpDesk-equivalent status through the exploitation of device-recovery authentication. As a result, unauthorized users can potentially manipulate system settings, putting sensitive data and device security at risk.

References

http://www.securityfocus.com/bid/72568

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100806

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 12, 2015
Vulnerability Reserved
Jan 7, 2015