CVE-2009-4509

Name of the Vulnerable Software and Affected Versions TANDBERG Video Communication Server (VCS) versions prior to X4.3

Description The issue concerns the administrative web console of the TANDBERG Video Communication Server (VCS). It uses predictable session cookies in certain PHP files, making it easier for remote attackers to bypass authentication and potentially execute arbitrary code. This can be achieved by loading a custom software update via a crafted "Cookie: tandberg login=" HTTP header.

Recommendations For versions prior to X4.3, update to version X4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web console to minimize the risk of exploitation. Avoid using the tandberg login cookie in the affected HTTP header until the issue is resolved.