Skip to main content

Telepresence Video Communication Server CVE-2019-12705

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-10-16 psirt@cisco.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 16, 2019 - 19:15 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

AnalysisAI

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Affected products include: Cisco Telepresence Video Communication Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-1468 HIGH
8.8 Aug 08

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authen

CVE-2017-3790 HIGH
8.6 Feb 01

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Serv

CVE-2019-1845 HIGH
8.6 Jun 05

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM

CVE-2012-0330 HIGH
7.8 Mar 01

Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of s

CVE-2023-20192 HIGH
7.7 Jun 28

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow

CVE-2016-1400 HIGH
7.5 May 25

Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of ser

CVE-2012-0331 HIGH
7.5 Mar 01

Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of s

CVE-2020-3596 HIGH
7.5 Oct 08

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communi

CVE-2018-0409 HIGH
7.5 Aug 15

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P)

CVE-2018-0358 HIGH
7.5 Jun 21

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could

CVE-2023-20209 HIGH
7.2 Aug 16

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communicat

CVE-2022-20755 HIGH
7.2 Apr 06

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresenc

Share

CVE-2019-12705 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy