CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2016-1387

CVSS 9.8v3.0pub. 2016-05-05upd. 2026-05-06

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Telepresence Tc Software

    APP
    Cisco
    7.2.07.2.17.3.07.3.17.3.27.3.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-6648HIGH7.5ten sam produkt

A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboratio...

CVE-2015-0722HIGH7.8ten sam produkt

The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 all...

CVE-2014-2174HIGH8.3ten sam produkt

Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control...

CVE-2014-2165HIGH7.8ten sam produkt

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote...

CVE-2014-2163HIGH7.8ten sam produkt

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attacke...