Information Disclosure in Cisco TelePresence IX5000 by Cisco
CVE-2015-6276

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software Ix
Vendor: CVE Published:; 5 September 2015

What is CVE-2015-6276?

The Cisco TelePresence IX5000 version 8.0.3 contains a vulnerability that exposes a private key associated with an X.509 certificate due to improper access control. This security flaw enables remote attackers to obtain cleartext versions of HTTPS traffic or potentially spoof devices by sending direct requests to the directory where the certificate is stored. Proper measures should be taken to secure the private key against unauthorized access to mitigate this risk.

References

http://www.securitytracker.com/id/1033477

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2015
Vulnerability Reserved
Aug 17, 2015