Cisco-SA-20150605-CVE-2015-0770

Cisco TelePresence HTTP Response Splitting Vulnerability

Cisco-SA-20150605-CVE-2015-0770 · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in Cisco TelePresence Collaboration Desk and Room Endpoints running TC Software could allow an unauthenticated, remote attacker to conduct HTTP response splitting attacks. The vulnerability is due to insufficient user input sanitization performed by the affected software while processing HTTP requests. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious link. If successful, the attacker could conduct HTTP response splitting attacks. Cisco has confirmed the vulnerability and released software updates. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2015-0770
Cisco Bug IDs	CSCut79341
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco TelePresence TC Software

Related Products

Product	CVE	Evidence
Cisco TelePresence TC Software	CVE-2015-0770	Cisco OpenVuln
Cisco TelePresence	CVE-2015-0770	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco TelePresence HTTP Response Splitting Vulnerability

Workarounds

Related Products