Access Restriction Bypass in Cisco TelePresence Video Communication Server
CVE-2015-6261

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 26 August 2015

Summary

The Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 is vulnerable to an access restriction bypass that can be exploited by remote authenticated users. By leveraging the Mobile and Remote Access (MRA) role, these users can establish a TFTP session, potentially allowing them to read sensitive configuration files that should remain protected. This vulnerability highlights the need for robust access controls and security measures to safeguard critical server configurations.

References

http://www.securitytracker.com/id/1033379

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 26, 2015
Vulnerability Reserved
Aug 17, 2015