Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0611

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2015-0611
Last Modified 18 Feb 2015 10:01:15
Published 11 Feb 2015 08:59:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0611

Summary

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.

Vulnerable Systems

Operating System

  • Cisco Telepresence System Software Ix 8.0.0

  • Cisco Telepresence System Software Ix 8.0.1


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=37430

CISCO - 20150210 Cisco TelePresence IX5000 Series Web Management Vulnerability

XF - cisco-cve20150611-priv-esc(100806)

SECTRACK - 1031733

BID - 72568


Last Updated: 27 May 2016 11:07:52