CVE-2012-5444

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5444	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x7.0.3:*:*:*:*:*:*:*

cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*

Information

Published : 2013-01-17 07:55

Updated : 2013-01-28 21:00

NVD link : CVE-2012-5444

Mitre link : CVE-2012-5444

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

cisco

telepresence_video_communication_server
telepresence_video_communication_servers_software

5.0 /10