Guest

Preview Tool

Cisco Bug: CSCte55677 - SOAP Calendar Service Authentication Bypass

Last Modified

Nov 12, 2015

Products (1)

  • Cisco TelePresence System 3000 Series

Known Affected Releases

1.8.0

Description (partial)

Symptoms:
When configured in secure mode the Conference Scheduling service does not require authentication.  This could allow an unauthenticated attacker 
that can access an affected device to manipulate the scheduled meeting list on the IP Phone that is connected to the Endpoint System.

Conditions:
Systems running an affected version of Cisco TelePresence Endpoint software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.