CVE-2015-0697

CWE-601 โ€” Open RedirectCWE-20 โ€” Improper Input Validation6 documents5 sources
Severity
5.8MEDIUM
EPSS
0.2%
top 57.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Telepresence TC Software
Timeline
PublishedApr 15
Latest updateMay 17

Description

Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

โ–ถNVDcisco/telepresence_tc_software15 versions+14

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-q74v-5rv8-9qjj: Open redirect vulnerability in the login page in Cisco TC Software before 6โ†—2022-05-17
โ–ถ
CVEList
CVE-2015-0697: Open redirect vulnerability in the login page in Cisco TC Software before 6โ†—2015-04-15
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerabilityโ†—2015-04-14
โ–ถ

๐Ÿ’ฌCommunity

2
Bugzilla
CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)โ†—2015-03-13
โ–ถ
Bugzilla
CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)โ†—2015-03-13
โ–ถ