Vulnerability Description
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Telepresence System Software Ix | 8.0.0 |
| Cisco | Telepresence Ix5000 | All versions |
| Cisco | Telepresence Ix5200 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37430Vendor Advisory
- http://www.securityfocus.com/bid/72568
- http://www.securitytracker.com/id/1031733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100806
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37430Vendor Advisory
- http://www.securityfocus.com/bid/72568
- http://www.securitytracker.com/id/1031733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100806
FAQ
What is CVE-2015-0611?
CVE-2015-0611 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote auth...
How severe is CVE-2015-0611?
CVE-2015-0611 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0611?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence System Software Ix, Cisco Telepresence Ix5000, Cisco Telepresence Ix5200.