Rewterz Threat Advisory – Cisco Webex Network Recording Player and Cisco Webex Player
April 17, 2020Rewterz Threat Advisory – CVE-2020-3261 – Cisco Mobility Express Software Cross-Site Request Forgery
April 17, 2020Rewterz Threat Advisory – Cisco Webex Network Recording Player and Cisco Webex Player
April 17, 2020Rewterz Threat Advisory – CVE-2020-3261 – Cisco Mobility Express Software Cross-Site Request Forgery
April 17, 2020Severity
High
Analysis Summary
The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with rootprivileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Impact
Denial of service
Affected Vendors
Cisco
Affected Products
Cisco IP Phone Web Application
Remediation
Please refer to vendor’s advisory for the list of affected products and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp