CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1722

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

Products affected by CVE-2019-1722

Cisco » Expressway Series » Version: N/A

cpe:2.3:a:cisco:expressway_series:-
Cisco » Telepresence Video Communication Server » Version: N/A

cpe:2.3:a:cisco:telepresence_video_communication_server:-
Cisco » Telepresence Video Communication Server » Version: 14.0

cpe:2.3:a:cisco:telepresence_video_communication_server:14.0
Cisco » Telepresence Video Communication Server » Version: 14.0.5

cpe:2.3:a:cisco:telepresence_video_communication_server:14.0.5
Cisco » Telepresence Video Communication Server » Version: 14.0.7

cpe:2.3:a:cisco:telepresence_video_communication_server:14.0.7
Cisco » Telepresence Video Communication Server » Version: x.6.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x.6.1
Cisco » Telepresence Video Communication Server » Version: x.7.0.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x.7.0.3
Cisco » Telepresence Video Communication Server » Version: x12.5

cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5
Cisco » Telepresence Video Communication Server » Version: x12.5.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0
Cisco » Telepresence Video Communication Server » Version: x5.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x5.2
Cisco » Telepresence Video Communication Server » Version: x6.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x6.0
Cisco » Telepresence Video Communication Server » Version: x6.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x6.1
Cisco » Telepresence Video Communication Server » Version: x7.0.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.0
Cisco » Telepresence Video Communication Server » Version: x7.0.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.1
Cisco » Telepresence Video Communication Server » Version: x7.0.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.2
Cisco » Telepresence Video Communication Server » Version: x7.0.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.3
Cisco » Telepresence Video Communication Server » Version: x7.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.1
Cisco » Telepresence Video Communication Server » Version: x7.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2
Cisco » Telepresence Video Communication Server » Version: x7.2.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.0
Cisco » Telepresence Video Communication Server » Version: x7.2.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.1
Cisco » Telepresence Video Communication Server » Version: x7.2.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.2
Cisco » Telepresence Video Communication Server » Version: x7.2.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.3
Cisco » Telepresence Video Communication Server » Version: x7.2.4

cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.4
Cisco » Telepresence Video Communication Server » Version: x8.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1
Cisco » Telepresence Video Communication Server » Version: x8.1.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1
Cisco » Telepresence Video Communication Server » Version: x8.1.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2
Cisco » Telepresence Video Communication Server » Version: x8.10

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10
Cisco » Telepresence Video Communication Server » Version: x8.10.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0
Cisco » Telepresence Video Communication Server » Version: x8.10.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1
Cisco » Telepresence Video Communication Server » Version: x8.10.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2
Cisco » Telepresence Video Communication Server » Version: x8.10.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3
Cisco » Telepresence Video Communication Server » Version: x8.10.4

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4
Cisco » Telepresence Video Communication Server » Version: x8.11

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11
Cisco » Telepresence Video Communication Server » Version: x8.11.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0
Cisco » Telepresence Video Communication Server » Version: x8.11.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1
Cisco » Telepresence Video Communication Server » Version: x8.11.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2
Cisco » Telepresence Video Communication Server » Version: x8.11.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3
Cisco » Telepresence Video Communication Server » Version: x8.11.4

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4
Cisco » Telepresence Video Communication Server » Version: x8.1_base

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1_base
Cisco » Telepresence Video Communication Server » Version: x8.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2
Cisco » Telepresence Video Communication Server » Version: x8.2.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1
Cisco » Telepresence Video Communication Server » Version: x8.2.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2
Cisco » Telepresence Video Communication Server » Version: x8.2_base

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2_base
Cisco » Telepresence Video Communication Server » Version: x8.5

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5
Cisco » Telepresence Video Communication Server » Version: x8.5.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.0
Cisco » Telepresence Video Communication Server » Version: x8.5.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1
Cisco » Telepresence Video Communication Server » Version: x8.5.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2
Cisco » Telepresence Video Communication Server » Version: x8.5.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3
Cisco » Telepresence Video Communication Server » Version: x8.6

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6
Cisco » Telepresence Video Communication Server » Version: x8.6.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.0
Cisco » Telepresence Video Communication Server » Version: x8.6.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1
Cisco » Telepresence Video Communication Server » Version: x8.7

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7
Cisco » Telepresence Video Communication Server » Version: x8.7.0

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.0
Cisco » Telepresence Video Communication Server » Version: x8.7.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1
Cisco » Telepresence Video Communication Server » Version: x8.7.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2
Cisco » Telepresence Video Communication Server » Version: x8.7.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3
Cisco » Telepresence Video Communication Server » Version: x8.8

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8
Cisco » Telepresence Video Communication Server » Version: x8.8.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1
Cisco » Telepresence Video Communication Server » Version: x8.8.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2
Cisco » Telepresence Video Communication Server » Version: x8.8.3

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3
Cisco » Telepresence Video Communication Server » Version: x8.9

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9
Cisco » Telepresence Video Communication Server » Version: x8.9.1

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1
Cisco » Telepresence Video Communication Server » Version: x8.9.2

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1722

Products

Pricing

Contact Us