CVE-2012-5444 — Cross-site Scripting in Cisco Telepresence Video Communication Servers Software

CWE-264 CWE-79 — Cross-site Scripting CWE-384 — Session Fixation CWE-352 — Cross-Site Request Forgery12 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 52.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Servers Software

Timeline

PublishedJan 17

Latest updateMay 17

Description

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/telepresence_video_communication_servers_softwarex7.0.3

🔴Vulnerability Details

GHSA

GHSA-g392-qjx3-m63p: Cisco TelePresence Video Communication Server (VCS) X7↗2022-05-17

▶

CVEList

CVE-2012-5444: Cisco TelePresence Video Communication Server (VCS) X7↗2013-01-17

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Policy Services Security Bypass Vulnerability↗2013-01-22

▶

Red Hat

cumin: allows for editing internal Condor job attributes↗2012-09-19

▶

Red Hat

cumin: authentication bypass flaws↗2012-09-19

▶

Red Hat

cumin: multiple XSS flaws↗2012-09-19

▶

Red Hat

cumin: session fixation flaw↗2012-09-19

▶