XML Parsing Vulnerability in Cisco TelePresence Management Suite
CVE-2015-0620

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Management Suite
Vendor: CVE Published:; 18 February 2015

Summary

The XML parser within Cisco TelePresence Management Suite (TMS) versions 14.3 and earlier is susceptible to improper handling of external entities. This vulnerability can be exploited by remote authenticated users through crafted POST requests, leading to denial of service conditions. If left unaddressed, it could significantly disrupt services and impact the availability of the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100924

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1031753

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 18, 2015
Vulnerability Reserved
Jan 7, 2015