CVE-2011-2544

Cisco TelePresence System MXP Series < F9.1 - Authenticated Cross-Site Scripting via Call ID

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2544. PoCs published by Sense of Security.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Cisco TelePresence Series, including HTML injection (CVE-2011-2544), memory corruption (CVE-2011-2543), and SIP DoS (CVE-2011-2577). It provides technical analysis, proof-of-concept examples, and crash logs.

Description

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

Exploits (1)

exploitdb WRITEUP

by Sense of Security · textwebappshardware

https://www.exploit-db.com/exploits/17871

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Cisco TelePresence Series, including HTML injection (CVE-2011-2544), memory corruption (CVE-2011-2543), and SIP DoS (CVE-2011-2577). It provides technical analysis, proof-of-concept examples, and crash logs.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Cisco TelePresence Series (C <= TC4.1.2, MXP <= F9.1)

Auth required

Prerequisites: Network access to the target device · Authenticated session for HTML injection

MITRE ATT&CK