Lucene search

CiscoCVE-2011-3294

HistoryOct 19, 2011 - 3:55 p.m.

CVE-2011-3294

2011-10-1915:55:02

CWE-79

cisco

web.nvd.nist.gov

cve-2011-3294

cross-site scripting

xss

cisco

telepresence

vcs

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.

Affected configurations

Nvd

Node

ciscotelepresence_video_communication_servers

AND

ciscotelepresence_video_communication_servers_softwareRange≤x6.1

ciscotelepresence_video_communication_servers_softwareMatchx5.2

ciscotelepresence_video_communication_servers_softwareMatchx6.0

VendorProductVersionCPE
ciscotelepresence_video_communication_servers*cpe:2.3:h:cisco:telepresence_video_communication_servers:*:*:*:*:*:*:*:*
ciscotelepresence_video_communication_servers_software*cpe:2.3:a:cisco:telepresence_video_communication_servers_software:*:*:*:*:*:*:*:*
ciscotelepresence_video_communication_servers_softwarex5.2cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x5.2:*:*:*:*:*:*:*
ciscotelepresence_video_communication_servers_softwarex6.0cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_video_communication_servers	*	cpe:2.3:h:cisco:telepresence_video_communication_servers::::::::
cisco	telepresence_video_communication_servers_software	*	cpe:2.3:a:cisco:telepresence_video_communication_servers_software::::::::
cisco	telepresence_video_communication_servers_software	x5.2	cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x5.2:::::::*
cisco	telepresence_video_communication_servers_software	x6.0	cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x6.0:::::::*

References

securitytracker.com/id?1026186

www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html

www.securityfocus.com/bid/50084

exchange.xforce.ibmcloud.com/vulnerabilities/70563

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2011-3294