Cisco TelePresence SX20 Carriage Return Line Feed Vulnerability


Description   A vulnerability has been identified in Cisco TelePresence TC Software.
A remote attacker could exploit it to inject arbitrary HTML code into an HTTP response header (HTTP response splitting) by enticing a victim to follow a specially crafted link.
This vulnerability results from a lack of user input filtering.
Cisco indicates that private exploit code exists.
     
Vulnerable Products   Vulnerable Software:
TelePresence TC Software (Cisco) - 6.3.0, 6.3.1, 6.3.2, 6.3.3, 7.1.0, ..., 7.2.0, 7.2.1, 7.3, 7.3.1, 7.3.2
     
Solution   Cisco has released new versions of Cisco TelePresence TC Software that fix this vulnerability.
     
CVE   CVE-2015-0770
     
References   - CSCut79341: Cisco TelePresence SX20 HTTP Response Splitting Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39210
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                                                            Available Since
HTTP Request Smuggling : HTTP command found in header                                       3.2.0
HTTP Response Splitting : suspicious Content-Length in URL                                  3.2.0
HTTP Response Splitting : suspicious HTTP/1.x in URL                                        3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header     3.2.0
HTTP Response Splitting : suspicious Set-Cookie in URL                                      3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword                               3.2.0
HTTP Request Smuggling : multiple Content-Length fields                                     3.2.0
HTTP Response Splitting : suspicious Content-Type in URL                                    3.5.0
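The description above (a crafted link whose CR/LF sequence lets a second header be injected into the response) and the response-splitting alarms listed above can be illustrated with the added example below; it is not Stormshield's ASQ engine or Cisco's code, but a simplified, assumed re-implementation of two defender-side checks: a URL inspector that names which listed alarm a request URL would trigger, and a server-side guard that refuses CR/LF in header values.

```python
import re
from urllib.parse import unquote

# Header tokens that, when they follow a line break inside a request URL,
# indicate an attempt to inject a second header or a whole second response.
# The alarm names are the ones listed in the IPS table above; the matching
# logic is an assumption, not the ASQ engine's actual rules.
RESPONSE_SPLITTING_TOKENS = {
    "Set-Cookie": "HTTP Response Splitting : suspicious Set-Cookie in URL",
    "Content-Length": "HTTP Response Splitting : suspicious Content-Length in URL",
    "Content-Type": "HTTP Response Splitting : suspicious Content-Type in URL",
    "HTTP/1.": "HTTP Response Splitting : suspicious HTTP/1.x in URL",
}

LINE_BREAK_RE = re.compile(r"\r\n|\r|\n")


def decode_url(url):
    """Percent-decode until stable so double-encoded %250d%250a is caught too."""
    prev, cur = None, url
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def inspect_url(url):
    """Return the alarm names a request URL would trigger (detection side)."""
    segments = LINE_BREAK_RE.split(decode_url(url))
    alarms = []
    # Only text after a line break can become an injected header line.
    for seg in segments[1:]:
        candidate = seg.lstrip().lower()
        for token, alarm in RESPONSE_SPLITTING_TOKENS.items():
            if candidate.startswith(token.lower()) and alarm not in alarms:
                alarms.append(alarm)
    return alarms


def is_safe_header_value(value):
    """Mitigation side: a header value must never contain CR or LF."""
    return re.search(r"[\r\n]", value) is None


def set_header_safely(headers, name, value):
    """Hardened header setter: refuse the CR/LF that splitting relies on."""
    if not is_safe_header_value(value):
        raise ValueError("CR/LF is not allowed in header value %r" % name)
    headers[name] = value


if __name__ == "__main__":
    # Constructed sample URL, not taken from the advisory.
    print(inspect_url("/index.html?lang=en%0d%0aSet-Cookie:%20id=1"))
```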
     
Risk level   Moderate

Vulnerability First Public Report Date   2015-06-05

Target Type   Client

Possible exploit   Remote