Cisco Expressway Series and Cisco TelePresence Video Communication Server are vulnerable to a man-in-the-middle attack caused by improper certificate validation. An attacker who exploits this vulnerability could gain access to the communication channel between endpoints and obtain sensitive information or alter the contents of the traffic.
Cisco Expressway Series and Cisco TelePresence Video Communication Server are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote authenticated attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.