
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325.

References:
• http://www.securityfocus.com/bid/98519
• http://www.securitytracker.com/id/1038509
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000

CWE:
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.

References:
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611
• http://tools.cisco.com/security/center/viewAlert.x?alertId=37430
• http://www.securityfocus.com/bid/72568
• http://www.securitytracker.com/id/1031733
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100806

CWE:
• CWE-264: Permissions, Privileges, and Access Controls