CVE-2019-1872 — Server-Side Request Forgery in Cisco Telepresence Video Communication Server

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 45.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Cisco Telepresence Video Communication Server

Timeline

PublishedJun 5

Latest updateMay 24

Description

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sour…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/telepresence_video_communication_server< x12.5

▶CVEListV5cisco/cisco_telepresence_video_communication_serverunspecified — X12.5

🔴Vulnerability Details

GHSA

GHSA-8m4x-vrfr-vphq: A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote att↗2022-05-24

▶

CVEList

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability↗2019-06-05

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability↗2019-06-05

▶