Advisory

Tandberg Video Communications Server Cross-Site Scripting (XSS) Vulnerability

Dell SecureWorks Security Advisory SWRX-2011-003

Advisory Information

  • Advisory ID: SWRX-2011-003
  • Date published: Wednesday, October 12, 2011
  • CVE: CVE-2011-3294
  • CVSS v2 Base Score: 4.3
  • Date of last update: Wednesday, October 12, 2011
  • Vendors contacted: Cisco Systems, Inc.
  • Release mode: Coordinated
  • Discovered by: Billy Hoffman, Zoompf, Inc.

Summary

A vulnerability exists in Tandberg Video Communications Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting (XSS) attacks.
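
The pattern described in the summary, shown as an added example that is not part of the advisory and is not Tandberg VCS code: a hypothetical login page that echoes the HTTP User-Agent header, first unencoded and then HTML-encoded before output. The page template, function names and the marker header value are assumptions constructed for illustration.

```python
# Added example: hypothetical login page, not Tandberg VCS code.
import html
from wsgiref.util import setup_testing_defaults

PAGE = """<!doctype html>
<html><body>
<form method="post" action="/login">
  <input name="username"><input name="password" type="password">
</form>
<p class="client">Detected browser: {agent}</p>
</body></html>"""


def render_vulnerable(user_agent):
    # Header value is pasted into markup as-is: any tags it carries become
    # part of the page the browser parses (the reflected XSS pattern).
    return PAGE.format(agent=user_agent)


def render_hardened(user_agent):
    # Bound the length, then HTML-encode for the element-content context.
    # quote=True also encodes " and ' in case the value moves into an attribute.
    return PAGE.format(agent=html.escape(user_agent[:256], quote=True))


def make_app(render):
    """Wrap a renderer in a minimal WSGI app so the header path is realistic."""
    def app(environ, start_response):
        # WSGI exposes request headers as HTTP_* keys; all are client-controlled.
        body = render(environ.get("HTTP_USER_AGENT", "")).encode("utf-8")
        start_response("200 OK", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app


def fetch(render, user_agent):
    """Call the app in-process with a constructed request; return the HTML."""
    environ = {}
    setup_testing_defaults(environ)
    environ["HTTP_USER_AGENT"] = user_agent
    chunks = make_app(render)(environ, lambda status, headers: None)
    return b"".join(chunks).decode("utf-8")


# Constructed test value: an empty marker element, used only to observe encoding.
MARKER_UA = 'Mozilla/5.0 <script id="ua-marker"></script>'

if __name__ == "__main__":
    print("vulnerable reflects raw tag:", "<script" in fetch(render_vulnerable, MARKER_UA))
    print("hardened reflects raw tag:  ", "<script" in fetch(render_hardened, MARKER_UA))
```

The same marker value can be sent to a patched interface to confirm that the response contains only the encoded form.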



ABOUT THE AUTHOR
Counter Threat Unit Research Team

The Secureworks Counter Threat Unit™ (CTU) is a dedicated threat research team that analyzes threat data across our global customer base and actively monitors the threat landscape.