Cisco TelePresence Management Suite (TMS) software implements a Simple Object Access Protocol (SOAP) interface that by design allows unauthenticated access to web services designed to provide management features to devices.
At first publication of the advisory, the management feature was not documented and may have represented unknown risks to customers implementing the feature within their environments. Customers should refer to page 18 of the Cisco TMS Admin Guide for additional information that documents the management feature.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-tms-soap
Security Impact Rating: Informational
CVE: CVE-2019-1660
Source:: Cisco Security Advisories