Credentials Management Errors

CVE-2015-4319

Medium

5.5/10

Summary

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

Published Aug 20, 2015

Credentials Management Errors

CVE-2015-4319

Summary

CWE-255 - Credentials Management Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS