← Back

CVE-2015-0611

nvd nist
Published: Feb 12, 2015Modified: May 6, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.

Affected (2)

Cisco
1 product
Telepresence System Software Ix
Configuration A
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Cisco
Telepresence System Software Ix
Version 8.0.0
Telepresence System Software Ix
Version 8.0.1
Running on/withPlatform Versions
Cisco
Telepresence Ix5000
All versions
Cisco
Telepresence Ix5200
All versions

Related CWEs

CWE-264
CWE-264

References (10)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.