Sign-up

ID

VAR-201506-0162


CVE

CVE-2015-0770


TITLE

Cisco TelePresence Integrator C SX20 Run on device TelePresence TC In software CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002959

DESCRIPTION

CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. Cisco TelePresence Integrator C SX20 Run on device TelePresence TC The software includes CRLF An injection vulnerability exists. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. This issue is being tracked by Cisco Bug ID CSCut79341

Trust: 1.98

sources: NVD: CVE-2015-0770 // JVNDB: JVNDB-2015-002959 // BID: 75026 // VULHUB: VHN-78716

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.3.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.3.1

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1.1

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.3

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.2

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.1

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.0

Trust: 1.9

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.3.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.2.0

Trust: 1.6

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.2.1

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1.4

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1.3

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1.2

Trust: 1.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3.4

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:ltversion:6.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:ltversion:7.x

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.3.3

Trust: 0.8

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.3

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.1

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:7.2

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:6.3.4

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:8.0.0

Trust: 0.3

vendor:ciscomodel:telepresence tc softwarescope:neversion:7.3.3

Trust: 0.3

sources: BID: 75026 // JVNDB: JVNDB-2015-002959 // CNNVD: CNNVD-201506-099 // NVD: CVE-2015-0770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0770
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0770
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-099
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78716
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0770
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78716
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78716 // JVNDB: JVNDB-2015-002959 // CNNVD: CNNVD-201506-099 // NVD: CVE-2015-0770

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-93

Trust: 1.1

sources: VULHUB: VHN-78716 // JVNDB: JVNDB-2015-002959 // NVD: CVE-2015-0770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-099

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201506-099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002959

PATCH
title:39210url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39210
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002959

EXTERNAL IDS
db:NVDid:CVE-2015-0770
Trust: 2.8
db:SECTRACKid:1032511
Trust: 1.1
db:JVNDBid:JVNDB-2015-002959
Trust: 0.8
db:CNNVDid:CNNVD-201506-099
Trust: 0.7
db:BIDid:75026
Trust: 0.4
db:VULHUBid:VHN-78716
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78716 // 
            
            
            
            BID: 75026 // 
            
            
            
            JVNDB: JVNDB-2015-002959 // 
            
            
            
            CNNVD: CNNVD-201506-099 // 
            
            
            
            NVD: CVE-2015-0770

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39210
Trust: 2.0
url:http://www.securitytracker.com/id/1032511
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-cve-2015-0770
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0770
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78716 // 
            
            
            
            BID: 75026 // 
            
            
            
            JVNDB: JVNDB-2015-002959 // 
            
            
            
            CNNVD: CNNVD-201506-099 // 
            
            
            
            NVD: CVE-2015-0770

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75026

SOURCES
db:VULHUBid:VHN-78716
db:BIDid:75026
db:JVNDBid:JVNDB-2015-002959
db:CNNVDid:CNNVD-201506-099
db:NVDid:CVE-2015-0770

LAST UPDATE DATE
2025-04-13T23:18:09.247000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78716date:2017-01-04T00:00:00
db:BIDid:75026date:2015-06-05T00:00:00
db:JVNDBid:JVNDB-2015-002959date:2015-06-09T00:00:00
db:CNNVDid:CNNVD-201506-099date:2015-06-10T00:00:00
db:NVDid:CVE-2015-0770date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78716date:2015-06-07T00:00:00
db:BIDid:75026date:2015-06-05T00:00:00
db:JVNDBid:JVNDB-2015-002959date:2015-06-09T00:00:00
db:CNNVDid:CNNVD-201506-099date:2015-06-08T00:00:00
db:NVDid:CVE-2015-0770date:2015-06-07T18:59:05.470