Sign-up

ID

VAR-201301-0041


CVE

CVE-2012-5444


TITLE

Cisco TelePresence Video Communication Server Vulnerabilities in creating meetings

Trust: 0.8

sources: JVNDB: JVNDB-2013-001202

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. The problem is Bug ID CSCub67989 It is a problem.Unspecified by a third party Conductor A meeting may be created via a request. Successful exploits may allow an attacker to bypass intended security restrictions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCub67989. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. A remote attacker could exploit this vulnerability to create a conference through an unidentified Conductor request

Trust: 1.98

sources: NVD: CVE-2012-5444 // JVNDB: JVNDB-2013-001202 // BID: 57486 // VULHUB: VHN-58725

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication servers softwarescope:eqversion:x7.0.3

Trust: 1.6

vendor:ciscomodel:telepresence video communication server softwarescope:eqversion:x7.0.3

Trust: 0.8

vendor:ciscomodel:telepresence video communication serverscope:eqversion:x7.0.3

Trust: 0.3

sources: BID: 57486 // JVNDB: JVNDB-2013-001202 // CNNVD: CNNVD-201301-368 // NVD: CVE-2012-5444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5444
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5444
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-368
value: MEDIUM

Trust: 0.6

VULHUB: VHN-58725
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5444
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58725
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58725 // JVNDB: JVNDB-2013-001202 // CNNVD: CNNVD-201301-368 // NVD: CVE-2012-5444

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-58725 // JVNDB: JVNDB-2013-001202 // NVD: CVE-2012-5444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-368

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201301-368

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001202

PATCH
title:Cisco TelePresence Video Communication Server Vulnerability in Policy Servicesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5444
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001202

EXTERNAL IDS
db:NVDid:CVE-2012-5444
Trust: 2.8
db:JVNDBid:JVNDB-2013-001202
Trust: 0.8
db:CNNVDid:CNNVD-201301-368
Trust: 0.7
db:CISCOid:20130112 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER VULNERABILITY IN POLICY SERVICES
Trust: 0.6
db:BIDid:57486
Trust: 0.4
db:VULHUBid:VHN-58725
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58725 // 
            
            
            
            BID: 57486 // 
            
            
            
            JVNDB: JVNDB-2013-001202 // 
            
            
            
            CNNVD: CNNVD-201301-368 // 
            
            
            
            NVD: CVE-2012-5444

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-5444
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5444
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5444
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-58725 // 
            
            
            
            BID: 57486 // 
            
            
            
            JVNDB: JVNDB-2013-001202 // 
            
            
            
            CNNVD: CNNVD-201301-368 // 
            
            
            
            NVD: CVE-2012-5444

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 57486

SOURCES
db:VULHUBid:VHN-58725
db:BIDid:57486
db:JVNDBid:JVNDB-2013-001202
db:CNNVDid:CNNVD-201301-368
db:NVDid:CVE-2012-5444

LAST UPDATE DATE
2024-11-23T22:56:41.514000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-58725date:2013-01-29T00:00:00
db:BIDid:57486date:2013-01-12T00:00:00
db:JVNDBid:JVNDB-2013-001202date:2013-01-22T00:00:00
db:CNNVDid:CNNVD-201301-368date:2013-01-18T00:00:00
db:NVDid:CVE-2012-5444date:2024-11-21T01:44:41

SOURCES RELEASE DATE
db:VULHUBid:VHN-58725date:2013-01-17T00:00:00
db:BIDid:57486date:2013-01-12T00:00:00
db:JVNDBid:JVNDB-2013-001202date:2013-01-22T00:00:00
db:CNNVDid:CNNVD-201301-368date:2013-01-18T00:00:00
db:NVDid:CVE-2012-5444date:2013-01-17T15:55:01.500