Lucene search

CiscoCVE-2012-5444

HistoryJan 17, 2013 - 3:55 p.m.

CVE-2012-5444

2013-01-1715:55:01

CWE-264

cisco

web.nvd.nist.gov

cisco

vcs

x7.0.3

remote attackers

conferences

conductor request

security vulnerability

cve-2012-5444

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

52.4%

JSON

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

Affected configurations

Nvd

Node

ciscotelepresence_video_communication_servers_softwareMatchx7.0.3

AND

ciscotelepresence_video_communication_serverMatch-

VendorProductVersionCPE
ciscotelepresence_video_communication_servers_softwarex7.0.3cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x7.0.3:*:*:*:*:*:*:*
ciscotelepresence_video_communication_server-cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_video_communication_servers_software	x7.0.3	cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x7.0.3:::::::*
cisco	telepresence_video_communication_server	-	cpe:2.3:h:cisco:telepresence_video_communication_server:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5444

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

52.4%

JSON

Related for CVE-2012-5444