CSRF in Cisco Telepresence_advanced_media_gateway

CVE-2015-4254

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_advanced_media_gateway — versions 1.1\(1.40\)
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20150710 Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)