Impersonation Vulnerability in Cisco TelePresence Video Communication Server
CVE-2015-4316

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 fails to properly validate the phone line used for registration. This vulnerability allows remote authenticated users to carry out impersonation attacks by crafting malicious registration attempts. An attacker exploiting this vulnerability can pose as legitimate users, potentially leading to unauthorized access and manipulation of sensitive communications.

References

http://www.securityfocus.com/bid/76353

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033282

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015