Description
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
All of
One of
cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:telepresence_system_software_ix:8.0.1:*:*:*:*:*:*:*
One of
cpe:2.3:h:cisco:telepresence_ix5000:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_ix5200:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00612
Low
6.5 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
github
more than 3 years ago
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.