Sign-up

ID

VAR-201502-0144


CVE

CVE-2015-0611


TITLE

Cisco TelePresence IX5000 Run on device Cisco IX For managing web-management Vulnerability to obtain the same authority as the help desk in the portal

Trust: 0.8

sources: JVNDB: JVNDB-2015-001481

DESCRIPTION

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. Vendors have confirmed this vulnerability Bug ID CSCun74174 It is released as.By a remotely authenticated user device-recovery By using the authentication, there is a possibility of obtaining the same authority as the help desk. The Cisco TelePresence IX5000 Series is the industry's first three-screen product to support H.265. An unauthorized access vulnerability exists in the Cisco TelePresence IX5000 Series that could allow an attacker to gain unauthorized access. TelePresence IX5000 Series is prone to an unauthorized-access vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCus74174. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. A remote attacker can exploit this vulnerability to obtain the HelpDesk-equivalent permission

Trust: 2.52

sources: NVD: CVE-2015-0611 // JVNDB: JVNDB-2015-001481 // CNVD: CNVD-2015-01134 // BID: 72568 // VULHUB: VHN-78557

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01134

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence system software ixscope:eqversion:8.0.0

Trust: 1.6

vendor:ciscomodel:telepresence system software ixscope:eqversion:8.0.1

Trust: 1.6

vendor:ciscomodel:telepresence ix5000scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence ix5200scope: - version: -

Trust: 0.8

vendor:ciscomodel:telepresence system software ixscope:lteversion:8 (.0.1)

Trust: 0.8

vendor:ciscomodel:telepresence ix5000 seriesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2015-01134 // JVNDB: JVNDB-2015-001481 // CNNVD: CNNVD-201502-270 // NVD: CVE-2015-0611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0611
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0611
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01134
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-270
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78557
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0611
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01134
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-78557
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01134 // VULHUB: VHN-78557 // JVNDB: JVNDB-2015-001481 // CNNVD: CNNVD-201502-270 // NVD: CVE-2015-0611

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-78557 // JVNDB: JVNDB-2015-001481 // NVD: CVE-2015-0611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-270

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-270

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001481

PATCH
title:Cisco TelePresence IX5000 Series Web Management Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611
Trust: 0.8
title:37430url:http://tools.cisco.com/security/center/viewAlert.x?alertId=37430
Trust: 0.8
title:Cisco TelePresence IX5000 Series Unauthorized Access Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/55389
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01134 // 
            
            
            
            JVNDB: JVNDB-2015-001481

EXTERNAL IDS
db:NVDid:CVE-2015-0611
Trust: 3.4
db:BIDid:72568
Trust: 2.0
db:SECTRACKid:1031733
Trust: 1.1
db:JVNDBid:JVNDB-2015-001481
Trust: 0.8
db:CNNVDid:CNNVD-201502-270
Trust: 0.7
db:CNVDid:CNVD-2015-01134
Trust: 0.6
db:VULHUBid:VHN-78557
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01134 // 
            
            
            
            VULHUB: VHN-78557 // 
            
            
            
            BID: 72568 // 
            
            
            
            JVNDB: JVNDB-2015-001481 // 
            
            
            
            CNNVD: CNNVD-201502-270 // 
            
            
            
            NVD: CVE-2015-0611

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=37430
Trust: 2.3
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0611
Trust: 1.7
url:http://www.securityfocus.com/bid/72568
Trust: 1.1
url:http://www.securitytracker.com/id/1031733
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100806
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0611
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0611
Trust: 0.8
url:http://www.securityfocus.com/bid/72568/info
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-01134 // 
            
            
            
            VULHUB: VHN-78557 // 
            
            
            
            BID: 72568 // 
            
            
            
            JVNDB: JVNDB-2015-001481 // 
            
            
            
            CNNVD: CNNVD-201502-270 // 
            
            
            
            NVD: CVE-2015-0611

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 72568

SOURCES
db:CNVDid:CNVD-2015-01134
db:VULHUBid:VHN-78557
db:BIDid:72568
db:JVNDBid:JVNDB-2015-001481
db:CNNVDid:CNNVD-201502-270
db:NVDid:CVE-2015-0611

LAST UPDATE DATE
2025-04-13T23:41:25.601000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01134date:2015-02-13T00:00:00
db:VULHUBid:VHN-78557date:2017-09-08T00:00:00
db:BIDid:72568date:2015-02-16T00:04:00
db:JVNDBid:JVNDB-2015-001481date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-270date:2015-02-12T00:00:00
db:NVDid:CVE-2015-0611date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01134date:2015-02-13T00:00:00
db:VULHUBid:VHN-78557date:2015-02-12T00:00:00
db:BIDid:72568date:2015-02-10T00:00:00
db:JVNDBid:JVNDB-2015-001481date:2015-02-17T00:00:00
db:CNNVDid:CNNVD-201502-270date:2015-02-12T00:00:00
db:NVDid:CVE-2015-0611date:2015-02-12T01:59:27.187