Lack of Role-Based Access Control (RBAC) in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier

Lack of Role-Based Access Control (RBAC) in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier

CVE-2015-6417 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.

Learn more about our User Device Pen Test.