Cisco Bug: CSCuq94980 - Malicious Redirect in Login Page

Last Modified

Aug 11, 2015

Products (17)

  • Cisco Telepresence Integrator C Series
  • Cisco TelePresence Codec C60
  • Cisco TelePresence System Profile 52-inch
  • Cisco TelePresence System Profile 65-inch Dual
  • Cisco TelePresence System Integrator Package C40
  • Cisco TelePresence System Profile 42-inch
  • Cisco TelePresence Codec C40
  • Cisco TelePresence MX200
  • Cisco TelePresence System Integrator Package C60
  • Cisco TelePresence System Integrator Package C90

Known Affected Releases

6.3.x 7.0.2

Description (partial)

Symptoms:
Cisco TelePresence Collaboration Desk and Room Endpoints running TC software contain an HTML redirect vulnerability within the login page of the web user interface. An unauthenticated, remote attacker who can convince a user to follow a malicious link or visit an attacker-controlled site could cause the user's browser to be automatically redirected to an attacker-controlled site.

The vulnerability is due to improper input validation of certain parameters that are passed via URLs to an affected device. A successful attack could allow an attacker to steal potentially sensitive information by impersonating the legitimate device.

Conditions:
Devices running TC Software prior to version 6.3-26 and prior to 7.3.0 are affected.