{"api_version":"1","generated_at":"2026-04-23T09:38:34+00:00","cve":"CVE-2015-6261","urls":{"html":"https://cve.report/CVE-2015-6261","api":"https://cve.report/api/cve/CVE-2015-6261.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-6261","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-6261"},"summary":{"title":"CVE-2015-6261","description":"Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-08-26 14:59:00","updated_at":"2017-01-04 18:17:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1033379","name":"1033379","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Cisco TelePresence Video Communication Server (VCS) Expressway TFTP Authentication Flaw Lets Remote Authenticated Users Access a Configuration File on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=40620","name":"20150825 Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-6261","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6261","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"6261","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_video_communication_server_software","cpe6":"x8.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"expressway","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6261","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"telepresence_video_communication_server_software","cpe6":"x8.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"expressway","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-6261","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1033379","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1033379"},{"name":"20150825 Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=40620"}]}},"nvd":{"publishedDate":"2015-08-26 14:59:00","lastModifiedDate":"2017-01-04 18:17:00","problem_types":["CWE-200"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:expressway:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"6261","Ordinal":"83262","Title":"CVE-2015-6261","CVE":"CVE-2015-6261","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"6261","Ordinal":"1","NoteData":"Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"6261","Ordinal":"2","NoteData":"2015-08-26","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"6261","Ordinal":"3","NoteData":"2016-12-22","Type":"Other","Title":"Modified"}]}}}