LOW · 3.5

CVE-2011-2544


Vulnerability Description

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

CVSS Score

3.5

LOW

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Cisco | Telepresence System 1000 Mxp | All versions
Cisco | Telepresence System 1700 Mxp | All versions
Cisco | Telepresence Mxp Software | <= f9.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2011-2544?

CVE-2011-2544 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a cr...

How severe is CVE-2011-2544?

CVE-2011-2544 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2011-2544?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Telepresence System 1000 Mxp, Cisco Telepresence System 1700 Mxp, Cisco Telepresence Mxp Software.