Lucene search

CiscoCISCO-SA-20150709-CVE-2015-4252

HistoryJul 09, 2015 - 7:40 p.m.

Cisco TelePresence ISDN Gateway Software Cross-Site Request Forgery Vulnerability

2015-07-0919:40:37

tools.cisco.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability in the Cisco TelePresence ISDN Gateway could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.

Cisco has confirmed the vulnerability; however, no software updates are available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Affected configurations

Vulners

Node

ciscotelepresence_isdn_gw_3241Matchany

ciscotelepresence_isdn_gw_3241Match3241

VendorProductVersionCPE
ciscotelepresence_isdn_gw_3241anycpe:2.3:a:cisco:telepresence_isdn_gw_3241:any:*:*:*:*:*:*:*
ciscotelepresence_isdn_gw_32413241cpe:2.3:a:cisco:telepresence_isdn_gw_3241:3241:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_isdn_gw_3241	any	cpe:2.3:a:cisco:telepresence_isdn_gw_3241:any:::::::*
cisco	telepresence_isdn_gw_3241	3241	cpe:2.3:a:cisco:telepresence_isdn_gw_3241:3241:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150709-CVE-2015-4252

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

32.7%

JSON

Related for CISCO-SA-20150709-CVE-2015-4252