Vulnerability Details CVE-2015-0620
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v2 Score 4.0
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37491
- http://www.securitytracker.com/id/1031753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100924
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37491
- http://www.securitytracker.com/id/1031753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100924
Products affected by CVE-2015-0620
-
cpe:2.3:a:cisco:telepresence_management_suite:-
-
cpe:2.3:a:cisco:telepresence_management_suite:13.0
-
cpe:2.3:a:cisco:telepresence_management_suite:13.0.1
-
cpe:2.3:a:cisco:telepresence_management_suite:13.1
-
cpe:2.3:a:cisco:telepresence_management_suite:13.1.1
-
cpe:2.3:a:cisco:telepresence_management_suite:13.1.2
-
cpe:2.3:a:cisco:telepresence_management_suite:13.2
-
cpe:2.3:a:cisco:telepresence_management_suite:13.2.1
-
cpe:2.3:a:cisco:telepresence_management_suite:13.2.2
-
cpe:2.3:a:cisco:telepresence_management_suite:14.1
-
cpe:2.3:a:cisco:telepresence_management_suite:14.1.1
-
cpe:2.3:a:cisco:telepresence_management_suite:14.2
-
cpe:2.3:a:cisco:telepresence_management_suite:14.2.1
-
cpe:2.3:a:cisco:telepresence_management_suite:14.2.2
-
cpe:2.3:a:cisco:telepresence_management_suite:14.3
-
cpe:2.3:a:cisco:telepresence_management_suite:14.3(.1)
-
cpe:2.3:a:cisco:telepresence_management_suite:14.3(.2)