Executive Summary
| Summary | |
|---|---|
| Title | Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20161026-ipics | First vendor Publication | 2016-10-26 |
| Vendor | Cisco | Last vendor Modification | 2016-10-26 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. The vulnerability is due to insufficient authentication for the interdevice communications interface access. An attacker could exploit this issue by accessing the interdevice communications interface and making changes to the UMS configuration, causing the system to become unavailable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics BEGIN PGP SIGNATURE iQIcBAEBCgAGBQJYEKgeAAoJEK89gD3EAJB5kCkQAMBJBOUJKaTtf3g9NlubllRm aoZVVdjNFTzVtWtgpcp3uXTIojTL2gJl56bLANEqdkzRCWlGPvEWCIwXCgHqDnal crG4NcImv1P5UUeUVtsxSqOM9eIvaE+xwEDb19qCPFguWdDX91q6tyTxcWbrJOjz KtzHOoVEqlfqJyFZ1HpbVbdLhzvo33M88X9L8YBl8syravWmGWuu5AsuUBgqOgvA UW294RVd8LSVkrJwvD8rcOUmUSkKJ0RopqoRO/+YTK4DLd2EF63pXfPV1Gp4+J6u Kq66Dv/Fq5D/7WneSAeiCbQ9eTVlpAE0Y3gucZB0/2juEoXLXqMMasgNtIs5Z4MK AJvnN3TdocofxykwFgxi7ta3QzqIfzW8tlF+J9f1BxPmh/yItOgYacIpaDj7Hmdb M3SsoVIP0uGWyrBZa9YySRGCbUbGaTn5wXiBFu5tRoesvQ0Wk81Im3JWSrGMq1uK 1ae+LMMTYH1wgnPhIm5jRsTnUQ0p3BYgKsU8L+aTbvDRdWKGCYLQue9JxmqKKb7C mVW/BG/wC5FGg7oaMrF1uU3mNIR4WU4B46qFpWj58dJe3+IOmcniIVBoWSZTC6AF P6nqGxHwg5ATvxPBrNR8KYYjiGLcdtSlN/kBgPXK3qPI0elF8vHRqyUL4gzxJt4D IJsTFgSztk8B9FlbSdnu =o3dI END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-10-27 | Cisco Universal Media Services potentially unauthorized API access detected RuleID : 40580 - Revision : 1 - Type : POLICY-OTHER |
Alert History
| Date | Informations |
|---|---|
| 2016-10-29 00:25:21 |
|
| 2016-10-26 21:21:09 |
|
