CVE-2011-2544

Name of the Vulnerable Software and Affected Versions Cisco TelePresence System MXP Series version F9.1 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability in the web interface. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID. As a result, it can lead to cross-site request forgery (CSRF) attacks, which can cause actions such as changing passwords or resulting in a denial of service.

Recommendations For Cisco TelePresence System MXP Series version F9.1 and earlier, update to a version later than F9.1 to resolve the issue.