ID

VAR-201605-0549


CVE

CVE-2016-1387


TITLE

Cisco TelePresence Software TC and CE XML API vulnerability that allows execution of control commands

Trust: 0.8

sources: JVNDB: JVNDB-2016-002464

DESCRIPTION

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz26935. A third party may execute control commands or change settings via API requests. Cisco TelePresence Software is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuz26935. This issue affects Cisco TelePresence Software versions TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, and CE 8.1.0 running on the following Cisco products: TelePresence EX Series, TelePresence Integrator C Series, TelePresence MX Series, TelePresence Profile Series, TelePresence SX Series, TelePresence SX Quick Set Series, TelePresence VX Clinical Assistant, and TelePresence VX Tactical.

Trust: 1.98

sources: NVD: CVE-2016-1387 // JVNDB: JVNDB-2016-002464 // BID: 89912 // VULHUB: VHN-90206

AFFECTED PRODUCTS

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.2.0

Trust: 2.4

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.2.1

Trust: 2.4

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.0

Trust: 2.4

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.1

Trust: 2.4

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.2

Trust: 2.4

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.3

Trust: 2.4

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.0.0

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.0.1

Trust: 0.8

vendor: cisco, model: telepresence ce software, scope: eq, version: 8.1.0

Trust: 0.8

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.4

Trust: 0.8

vendor: cisco, model: telepresence tc software, scope: eq, version: 7.3.5

Trust: 0.8

sources: JVNDB: JVNDB-2016-002464 // CNNVD: CNNVD-201605-109 // NVD: CVE-2016-1387

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1387
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1387
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201605-109
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90206
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1387
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90206
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1387
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90206 // JVNDB: JVNDB-2016-002464 // CNNVD: CNNVD-201605-109 // NVD: CVE-2016-1387

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-90206 // JVNDB: JVNDB-2016-002464 // NVD: CVE-2016-1387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-109

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201605-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002464

PATCH

title: cisco-sa-20160504-tpxml, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Trust: 0.8

title: Cisco TelePresence Codec and Collaboration Endpoint Software Fixes for authentication bypassing vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61432

Trust: 0.6

sources: JVNDB: JVNDB-2016-002464 // CNNVD: CNNVD-201605-109

EXTERNAL IDS

db: NVD, id: CVE-2016-1387

Trust: 2.8

db: SECTRACK, id: 1035744

Trust: 1.1

db: JVNDB, id: JVNDB-2016-002464

Trust: 0.8

db: CNNVD, id: CNNVD-201605-109

Trust: 0.7

db: BID, id: 89912

Trust: 0.4

db: VULHUB, id: VHN-90206

Trust: 0.1

sources: VULHUB: VHN-90206 // BID: 89912 // JVNDB: JVNDB-2016-002464 // CNNVD: CNNVD-201605-109 // NVD: CVE-2016-1387

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-tpxml

Trust: 2.0

url:http://www.securitytracker.com/id/1035744

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1387

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1387

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90206 // BID: 89912 // JVNDB: JVNDB-2016-002464 // CNNVD: CNNVD-201605-109 // NVD: CVE-2016-1387

CREDITS

Cisco

Trust: 0.9

sources: BID: 89912 // CNNVD: CNNVD-201605-109

SOURCES

db: VULHUB, id: VHN-90206
db: BID, id: 89912
db: JVNDB, id: JVNDB-2016-002464
db: CNNVD, id: CNNVD-201605-109
db: NVD, id: CVE-2016-1387

LAST UPDATE DATE

2025-04-13T23:26:38.404000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90206, date: 2016-12-01T00:00:00
db: BID, id: 89912, date: 2016-05-04T00:00:00
db: JVNDB, id: JVNDB-2016-002464, date: 2016-05-10T00:00:00
db: CNNVD, id: CNNVD-201605-109, date: 2016-05-06T00:00:00
db: NVD, id: CVE-2016-1387, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90206, date: 2016-05-05T00:00:00
db: BID, id: 89912, date: 2016-05-04T00:00:00
db: JVNDB, id: JVNDB-2016-002464, date: 2016-05-10T00:00:00
db: CNNVD, id: CNNVD-201605-109, date: 2016-05-05T00:00:00
db: NVD, id: CVE-2016-1387, date: 2016-05-05T21:59:04.423