CiscoCISCO-SA-20151120-TVCSCisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
44.2%
A vulnerability in Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to execute unwanted actions.
The vulnerability is due to a lack of cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by persuading a user of the web application to execute an adverse action.
Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs”]
Affected configurations
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
44.2%