CVE-2015-0611

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software Ix
Vendor: CVE Published:; 12 February 2015

Summary

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.

References

http://www.securityfocus.com/bid/72568

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100806

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 12, 2015
Vulnerability Reserved
Jan 7, 2015