Cross-Site Scripting Vulnerability in Cisco TelePresence System MXP Series
CVE-2011-2544

Currently unrated

Key Information:

Vendor
Cisco
Status
Telepresence System 1000 Mxp
Telepresence System 1700 Mxp
Telepresence Mxp Software
Vendor
CVE Published:
23 September 2011

Summary

The vulnerability in the Cisco TelePresence System MXP Series F9.1 and earlier demonstrates a cross-site scripting (XSS) flaw that permits authenticated remote users to inject arbitrary web scripts or HTML into the web interface. This issue may lead to various attacks, including cross-site request forgery (CSRF) that could alter user passwords or result in denials of service. The attack methodology typically involves crafting a malicious Call ID that exploits the web interface's processing logic.

References

http://www.securityfocus.com/bid/49670
vdb-entryx_refsource_BID
http://securityreason.com/securityalert/8393
third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/46057
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.