Cross-Site Request Forgery in Cisco TelePresence Server Software
CVE-2015-6304

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Server Software
Vendor: CVE Published:; 24 September 2015

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in Cisco TelePresence Server software version 3.0(2.24). This security issue permits remote attackers to hijack the authentication sessions of legitimate users, potentially leading to unauthorized access and control over the user’s session. Attackers can exploit this vulnerability without the need for user interaction, thus posing significant risks. The identified Bug IDs associated with this issue are CSCut63718, CSCut63724, and CSCut63760, highlighting the nature of the vulnerability that may impact the integrity and confidentiality of user accounts.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033644

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 24, 2015
Vulnerability Reserved
Aug 17, 2015