VAR-201301-0041
Vulnerability from variot - Updated: 2023-12-18 13:29Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. The problem is Bug ID CSCub67989 It is a problem.Unspecified by a third party Conductor A meeting may be created via a request. Successful exploits may allow an attacker to bypass intended security restrictions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCub67989. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. A remote attacker could exploit this vulnerability to create a conference through an unidentified Conductor request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence video communication servers software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "x7.0.3"
},
{
"model": "telepresence video communication server software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "x7.0.3"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x7.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "57486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_servers_software:x7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "57486"
}
],
"trust": 0.3
},
"cve": "CVE-2012-5444",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-5444",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-58725",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-5444",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-368",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-58725",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58725"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. The problem is Bug ID CSCub67989 It is a problem.Unspecified by a third party Conductor A meeting may be created via a request. \nSuccessful exploits may allow an attacker to bypass intended security restrictions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCub67989. The solution provides components such as audio and video spaces, which can provide remote participants with a \"face-to-face\" virtual meeting room effect. A remote attacker could exploit this vulnerability to create a conference through an unidentified Conductor request",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "BID",
"id": "57486"
},
{
"db": "VULHUB",
"id": "VHN-58725"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5444",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130112 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER VULNERABILITY IN POLICY SERVICES",
"trust": 0.6
},
{
"db": "BID",
"id": "57486",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-58725",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58725"
},
{
"db": "BID",
"id": "57486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"id": "VAR-201301-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-58725"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:55.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco TelePresence Video Communication Server Vulnerability in Policy Services",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-5444"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58725"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-5444"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5444"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5444"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58725"
},
{
"db": "BID",
"id": "57486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-58725"
},
{
"db": "BID",
"id": "57486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-58725"
},
{
"date": "2013-01-12T00:00:00",
"db": "BID",
"id": "57486"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"date": "2013-01-17T15:55:01.500000",
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"date": "2013-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58725"
},
{
"date": "2013-01-12T00:00:00",
"db": "BID",
"id": "57486"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001202"
},
{
"date": "2013-01-29T05:00:00",
"db": "NVD",
"id": "CVE-2012-5444"
},
{
"date": "2013-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Video Communication Server Vulnerabilities in creating meetings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-368"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…