CVE-2011-2544

Published: Sep 23, 2011Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

Affected (7)

Products: Cisco: Telepresence System 1000 Mxp, Telepresence System 1700 Mxp, Telepresence Mxp Software

3 products

Telepresence System 1000 Mxp

Telepresence System 1700 Mxp

Telepresence Mxp Software

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence System 1000 Mxp	All versions
Cisco Telepresence System 1700 Mxp	All versions
Cisco Telepresence Mxp Software	Up to f9.1
Cisco Telepresence Mxp Software	Version f8.2
Cisco Telepresence Mxp Software	Version f9.0.1
Cisco Telepresence Mxp Software	Version f9.0.2
Cisco Telepresence Mxp Software	Version f9.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://secunia.com/advisories/46057

Source: psirt@cisco.com

Vendor Advisory

http://secunia.com/advisories/46109

Source: psirt@cisco.com

Vendor Advisory

http://securityreason.com/securityalert/8393

Source: psirt@cisco.com

http://securitytracker.com/id?1026072

Source: psirt@cisco.com

http://www.exploit-db.com/exploits/17871

Source: psirt@cisco.com

Exploit

http://www.securityfocus.com/archive/1/519698/100/0/threaded

Source: psirt@cisco.com

http://www.securityfocus.com/bid/49670

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/69906

Source: psirt@cisco.com

http://secunia.com/advisories/46057

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/46109

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/8393

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1026072

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/17871

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/519698/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49670

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69906

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.