CVE-2017-3815 - OpenCVE

An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Telepresence Server Software

Configuration 1 [-]

OR	cpe:2.3:a:cisco:telepresence_server_software:4.2\(4.17\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:4.2\(4.18\):::::::*
	cpe:2.3:a:cisco:telepresence_server_software:4.2\(4.19\):::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96922
http://www.securitytracker.com/id/1038035
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-03-17T22:00:00

Updated: 2024-08-05T14:39:40.922Z

Reserved: 2016-12-21T00:00:00

Link: CVE-2017-3815

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-17T22:59:00.203

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-3815

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco TelePresence Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco TelePresence Server"}]}], "datePublic": "2017-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."}], "problemTypes": [{"descriptions": [{"description": "API Privilege Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"}, {"name": "96922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96922"}, {"name": "1038035", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038035"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco TelePresence Server", "version": {"version_data": [{"version_value": "Cisco TelePresence Server"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "API Privilege Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"}, {"name": "96922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96922"}, {"name": "1038035", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038035"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:40.922Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"}, {"name": "96922", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96922"}, {"name": "1038035", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038035"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3815", "datePublished": "2017-03-17T22:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-05T14:39:40.922Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.17\\):*:*:*:*:*:*:*", "matchCriteriaId": "691F909F-2B7C-47B7-A998-43AD18B869E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.18\\):*:*:*:*:*:*:*", "matchCriteriaId": "017157F9-2588-4EA8-B5B2-A5C585DAB765", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_server_software:4.2\\(4.19\\):*:*:*:*:*:*:*", "matchCriteriaId": "524682D4-B26E-43E6-B74C-ADBE10A35FFA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616."}, {"lang": "es", "value": "Una vulnerabilidad de privilegios de API en Cisco TelePresence Server Software podr\u00eda permitir que un atacante remoto no autenticado emule los puntos finales de Cisco TelePresence Server. Productos afectados: Esta vulnerabilidad afecta a los procesadores Cisco TelePresence Server MSE 8710 que ejecutan una versi\u00f3n de software anterior a Cisco TelePresence Software Release 4.3 y se ejecutan en modo administrado localmente. El API vulnerable estaba obsoleto en Cisco TelePresence Software Release 4.3. M\u00e1s informaci\u00f3n: CSCvc37616."}], "id": "CVE-2017-3815", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-17T22:59:00.203", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96922"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038035"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}