CVE-2016-1387

Published: May 5, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

Affected (6)

Products: Cisco: Telepresence Tc Software

Cisco

1 product

Telepresence Tc Software

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Tc Software	Version 7.2.0
Cisco Telepresence Tc Software	Version 7.2.1
Cisco Telepresence Tc Software	Version 7.3.0
Cisco Telepresence Tc Software	Version 7.3.1
Cisco Telepresence Tc Software	Version 7.3.2
Cisco Telepresence Tc Software	Version 7.3.3

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1035744

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035744

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.