Cisco Bug: CSCuq94977 - Reflected Cross-Site Scripting Vulnerability in Login Page

Last Modified

May 20, 2019

Products (17)

  • Cisco TelePresence Integrator C Series
  • Cisco TelePresence Codec C60
  • Cisco TelePresence System Profile 52-inch
  • Cisco TelePresence System Profile 65-inch Dual
  • Cisco TelePresence System Profile 42-inch
  • Cisco TelePresence System Integrator Package C40
  • Cisco TelePresence Codec C40
  • Cisco TelePresence System Integrator Package C60
  • Cisco TelePresence MX200
  • Cisco TelePresence Codec C90

Known Affected Releases

7.0.2

Description (partial)

Symptom:
Cisco TelePresence Collaboration Desk and Room Endpoints running TC software contain a cross-site scripting vulnerability within the login page of the web user interface. An unauthenticated, remote attacker who can convince a user to follow a malicious link or visit an attacker-controlled site could execute arbitrary HTML or script code in the affected user's browser within the security context of the device.

The vulnerability is due to improper input validation of certain parameters that are passed via URLs to an affected device. A successful attack could allow an attacker to steal potentially sensitive information or make modifications to settings of the affected device.

Conditions:
Devices running TC Software prior to version 7.1.0 are affected.