Vulnerability Details : CVE-2016-1387
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.
Products affected by CVE-2016-1387
- cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1387
1.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1387
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:C |
10.0
|
8.5
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-1387
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1387
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Cisco TelePresence XML Application Programming Interface Authentication Bypass VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1035744
Cisco TelePresence Codec and Collaboration Endpoint XML API Bug Lets Remote Users Bypass Authentication on the Target System - SecurityTracker
Jump to