Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2544

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-2544
Last Modified 13 Feb 2012 11:07:29
Published 23 Sep 2011 06:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-2544

Summary

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

Vulnerable Systems

Application

  • Cisco Telepresence Mxp Software F8.2

  • Cisco Telepresence Mxp Software F9.0

  • Cisco Telepresence Mxp Software F9.0.1

  • Cisco Telepresence Mxp Software F9.0.2

  • Cisco Telepresence Mxp Software F9.1


References

XF - cisco-telepresence-h323-sip-xss(69906)

BID - 49670

BUGTRAQ - 20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010

EXPLOIT-DB - 17871

SECTRACK - 1026072

SECUNIA - 46109

SECUNIA - 46057

SREASON - 8393


Last Updated: 27 May 2016 10:56:28