Vulnslist

find the latest Cisco vulnerabilities

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability

cisco-sa-20190605-vcs · Medium · Published · Updated

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2019-1872
Cisco Bug IDsCSCvj33774
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco TelePresence Video Communication Server (VCS), Cisco TelePresence Video Communication Server (VCS) Expressway

Related Products

Product CVE Evidence
Cisco TelePresence Video Communication Server (VCS) Expressway CVE-2019-1872 Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) CVE-2019-1872 Cisco OpenVuln
Cisco TelePresence CVE-2019-1872 Cisco OpenVuln
Cisco Expressway CVE-2019-1872 Cisco OpenVuln