SecurityTracker
Archives
Category:   Device (Multimedia)  >   Cisco TelePresence
Vendors:   Cisco
Cisco TelePresence Video Communication Server Input Validation Flaw Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1026186
SecurityTracker URL:  http://securitytracker.com/id/1026186
CVE Reference:   CVE-2011-3294
Date:  Oct 13 2011
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): VCS prior to 7.0
Description:   A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks.

The login page does not properly filter HTML code from user-supplied input in the HTTP User-Agent header before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Cisco TelePresence administrative interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
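To make the defect concrete, the following is an added example (not code from the advisory, from Cisco, or from the VCS product): a minimal rendering of a login page that reflects the User-Agent header as the advisory describes, beside the escaped form, plus a check that flags access-log lines whose User-Agent field carries markup. The combined log format, the IP addresses and all User-Agent values are constructed for the example.

```python
import html
import re

# Constructed sample User-Agent values (not taken from the advisory).
BENIGN_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/7.0"
MARKUP_UA = "Mozilla/5.0 <script>alert(1)</script>"

def render_login_unsafe(user_agent: str) -> str:
    """Reflects the raw header into the page: the vulnerable pattern the advisory describes."""
    return f"<p>Your browser: {user_agent}</p>"

def render_login_safe(user_agent: str) -> str:
    """Escapes HTML metacharacters first, so the header is rendered as text, never as markup."""
    return f"<p>Your browser: {html.escape(user_agent, quote=True)}</p>"

# Detection side: combined-log-format lines (assumed layout), constructed for this example.
SAMPLE_LOG = [
    '198.51.100.20 - - [12/Oct/2011:16:00:01 +0000] "GET /login HTTP/1.1" 200 1532 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/7.0"',
    '203.0.113.7 - - [12/Oct/2011:16:00:05 +0000] "GET /login HTTP/1.1" 200 1540 "-" '
    '"Mozilla/5.0 <script>alert(1)</script>"',
    '198.51.100.21 - - [12/Oct/2011:16:00:09 +0000] "GET /login HTTP/1.1" 200 1532 "-" '
    '"curl/7.21.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# HTML tag openers, javascript: URLs, or inline event-handler attributes inside a User-Agent.
UA_MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

def suspicious_user_agents(log_lines):
    """Return (client_ip, request, user_agent) for every line whose User-Agent contains markup."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and UA_MARKUP_RE.search(m.group("ua")):
            hits.append((m.group("ip"), m.group("req"), m.group("ua")))
    return hits

if __name__ == "__main__":
    print(render_login_unsafe(MARKUP_UA))   # markup survives into the page
    print(render_login_safe(MARKUP_UA))     # markup neutralised as &lt;script&gt;...
    for ip, req, ua in suspicious_user_agents(SAMPLE_LOG):
        print(f"flag: {ip} {req} UA={ua!r}")
```

Escaping on output is the fix the advisory's wording points to; the log check is a compensating detection for devices still awaiting the X7.0 upgrade.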

Cisco has assigned Cisco bug ID CSCts80342 to this vulnerability.

Billy Hoffman from Zoompf, Inc. and Ben Feinstein from Dell SecureWorks reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco TelePresence software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (7.0).

The vendor's advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sr-20111012-vcs.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sr-20111012-vcs.shtml
Cause:   Input validation error

Message History:   None.


Source Message Contents

Subject:  Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Response: Cisco TelePresence Video Communication
Server Cross-Site Scripting Vulnerability

Revision 1.0

For Public Release 2011 October 12 1600 UTC (GMT)

+-----------------------------------------------------------------

Cisco Response
==============

A vulnerability exists in Cisco TelePresence Video Communication
Server (VCS) due to improper validation of user-controlled input to
the web-based administrative interface. User-controlled input
supplied to the login page via the HTTP User-Agent header is not
properly sanitized for illegal or malicious content prior to being
returned to the user in dynamically generated web content. A remote
attacker could exploit this vulnerability to perform reflected
cross-site scripting attacks.

Billy Hoffman from Zoompf, Inc., discovered this vulnerability and
Ben Feinstein from Dell SecureWorks reported it to Cisco. Cisco
greatly appreciates the opportunity to work with researchers on
security vulnerabilities and welcomes the opportunity to review and
assist in product reports.

Additional Information
======================

Cisco TelePresence Video Communication Server Software versions
earlier than X7.0 are affected. This vulnerability has been corrected
in Cisco TelePresence Video Communication Server Software version
X7.0.

This vulnerability is documented in Cisco bug ID CSCts80342
and has been assigned CVE ID CVE-2011-3294.

Additional mitigations that can be deployed on Cisco devices in the
network are available in the Cisco Applied Mitigation Bulletin:
Understanding Cross-Site Scripting (XSS) Threat Vectors: 
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Revision History
================

+----------+-------------------+---------------+
| Revision | Date              | Description   |
+----------+-------------------+---------------+
| 1.0      | 2011-September-12 | Initial draft |
+----------+-------------------+---------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This includes instructions for press inquiries regarding Cisco
security notices.

All Cisco security advisories are available at:
http://www.cisco.com/go/psirt

+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
cust-security-announce mailing list
cust-security-announce@cisco.com
Copyright 2021, SecurityGlobal.net LLC