CSRF in Cisco Telepresence_video_communication_server_software

CVE-2015-6376

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_video_communication_server_software — versions x8.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20151120 Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)