Vulnerability CVE-2019-1872


Published: 2019-06-05

Description:
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system.

Type:

CWE-918

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Cisco -> Telepresence video communication server 

 References:
http://www.securityfocus.com/bid/108677
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs

Copyright 2024, cxsecurity.com

 

Back to Top