Informazioni sul CVE-2019-1679
Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
CWE ID: CWE-918
Base Score (CVSS): N/A
CVE: CVE-2019-1679
Descrizione: A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-rest-api-ssrf
- http://www.securityfocus.com/bid/106940
Prodotti interessati
- Cisco – Cisco TelePresence Conductor
- Cisco – Cisco Expressway Series
- Cisco – Cisco TelePresence Video Communication Server
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco TelePresence Conductor
Anno: 2019
CWE: CWE-918
CVSS: 0.0
Produttore:Cisco
Prodotto: Cisco Expressway Series
Anno: 2019
CWE: CWE-918
CVSS: 0.0
Produttore:Cisco
Prodotto: Cisco TelePresence Video Communication Server
Anno: 2019
CWE: CWE-918
CVSS: 0.0