Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability

Cisco-SA-20150527-CVE-2015-0752 · Medium · Published · Updated

A vulnerability in TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input submitted to and processed by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary JavaScript code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link.


Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

For additional information about XSS attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors" (http://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20060922-understanding-xss.html).

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-0752
Cisco Bug IDs: CSCut27635
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:C)
Product Names From Source: Cisco TelePresence Video Communication Server (VCS)

Related Products

Product | CVE | Evidence
Cisco TelePresence Video Communication Server (VCS) | CVE-2015-0752 | Cisco OpenVuln
Cisco TelePresence | CVE-2015-0752 | Cisco OpenVuln