CRLF Injection Vulnerability in Cisco TelePresence on Integrator C SX20 Devices
CVE-2015-0770

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Tc Software
Vendor: CVE Published:; 7 June 2015

Summary

The Cisco TelePresence system contains a CRLF injection vulnerability that affects versions TC 6.x prior to 6.3.4 and TC 7.x prior to 7.3.3 on Integrator C SX20 devices. This flaw allows remote attackers to manipulate HTTP headers, leading to potential HTTP response splitting attacks through specially crafted URLs. Successful exploitation of this vulnerability can result in the execution of unauthorized commands or access to sensitive information.

References

http://www.securitytracker.com/id/1032511

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jun 7, 2015
Vulnerability Reserved
Jan 7, 2015