Authorization Flaw in Cisco TelePresence Video Communication Server
CVE-2015-4319

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 20 August 2015

Summary

The administrative web interface of Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 is affected by an authorization vulnerability. This flaw allows remote authenticated users to improperly reset passwords for active users, potentially compromising accounts without proper authorization procedures being followed. This issue underscores the importance of robust access controls in administrative interfaces to protect sensitive operations from potential misuse.

References

http://www.securityfocus.com/bid/76366

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1033323

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 20, 2015
Vulnerability Reserved
Jun 4, 2015