CVE-2015-6261
Summary
| CVE | CVE-2015-6261 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-08-26 14:59:00 UTC |
| Updated | 2017-01-04 18:17:00 UTC |
| Description | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Telepresence Video Communication Server Software | x8.5.2 | All | All | All |
| Application | Cisco | Telepresence Video Communication Server Software | x8.5.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco TelePresence Video Communication Server (VCS) Expressway TFTP Authentication Flaw Lets Remote Authenticated Users Access a Configuration File on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.