一、 漏洞 CVE-2019-1722 基础信息
漏洞标题
Cisco Expressway系列和Cisco TelePresence视频通信服务器跨站请求伪造漏洞
来源:AIGC 神龙大模型
漏洞描述信息
Cisco Expressway系列和Cisco TelePresence视频通信服务器跨站请求伪造漏洞
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
跨站请求伪造(CSRF)
来源:美国国家漏洞数据库 NVD
漏洞标题
Cisco Expressway Series和Cisco TelePresence Video Communication Server 跨站请求伪造漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Cisco Expressway Series和Cisco TelePresence Video Communication Server(VCS)都是美国思科(Cisco)公司的产品。Cisco Expressway Series是一款用于统一通信的高级协作网关。Cisco TelePresence Video Communication Server是一款视频通信服务器。 Cisco Expressway Series和Cisco TelePresence VCS中的FindMe功能存在跨站请求伪造漏
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
跨站请求伪造
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2019-1722 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2019-1722 的情报信息