Vulnslist

find the latest Cisco vulnerabilities

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

cisco-sa-20151120-tvcs · Medium · Published · Updated

A vulnerability in Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by persuading a user of the web application to execute an adverse action. Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that mitigate this vulnerability.

CVEsCVE-2015-6376
Cisco Bug IDsCSCuv72412
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco TelePresence Video Communication Server (VCS)

Related Products

Product CVE Evidence
Cisco TelePresence Video Communication Server (VCS) CVE-2015-6376 Cisco OpenVuln
Cisco TelePresence CVE-2015-6376 Cisco OpenVuln