Cisco Bug: CSCuq94977 - Reflected Cross-Site Scripting Vulnerability in Login Page

Last Modified

May 20, 2019

Products (17)

Cisco Telepresence Integrator C Series
Cisco TelePresence Codec C60
Cisco TelePresence System Profile 52-inch
Cisco TelePresence System Profile 65-inch Dual
Cisco TelePresence System Profile 42-inch
Cisco TelePresence System Integrator Package C40
Cisco TelePresence Codec C40
Cisco TelePresence System Integrator Package C60
Cisco TelePresence MX200
Cisco TelePresence Codec C90

View all products in Bug Search Tool Login Required

Known Affected Releases

7.0.2

Description (partial)

Symptom:
Cisco TelePresence Collaboration Desk and Room Endpoints running TC software contain a cross-site scripting vulnerability within the login page of the web user interface.  An 
unauthenticated, remote attacker that can convince a user to follow a malicious link or visit an attacker controlled site could execute arbitrary HTML or script code on the affected 
users browser within the security context of the device. 

The vulnerability is due to improper input validation of certain parameters that are passed via URL?s to an affected device.  A successful attack could allow an attacker to steal 
potentially sensitive information or make modifications to settings of the affected device.

Conditions:
Devices running TC Software prior to version 7.1.0 are affected.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts