CVE-2015-0697

EUVD-2015-0710
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
ciscotelepresence_tc_software
6.0.0
ciscotelepresence_tc_software
6.0.0-cucm
ciscotelepresence_tc_software
6.0.1
ciscotelepresence_tc_software
6.0.1-cucm
ciscotelepresence_tc_software
6.0.2
ciscotelepresence_tc_software
6.0_base:_base
ciscotelepresence_tc_software
6.1.0
ciscotelepresence_tc_software
6.1.0-cucm
ciscotelepresence_tc_software
6.1.1
ciscotelepresence_tc_software
6.1.1-cucm
ciscotelepresence_tc_software
6.1.2
ciscotelepresence_tc_software
6.1.2-cucm
ciscotelepresence_tc_software
6.1_base:_base
ciscotelepresence_tc_software
6.3_base:_base
ciscotelepresence_tc_software
7.2_base:_base
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=38350
http://www.securitytracker.com/id/1032136
http://tools.cisco.com/security/center/viewAlert.x?alertId=38350
http://www.securitytracker.com/id/1032136