The administrative web-management portal in Cisco IX 8 (.0.1) and previous versions on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco telepresence_system_software_ix 8.0.0 |
||
cisco telepresence_system_software_ix 8.0.1 |