CVE-2019-1872 MEDIUM

CVE-2019-1872: Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability

Vendor Cisco
Product Cisco TelePresence Video Communication Server (VCS)
Weakness CWE-918 · SSRF
Published June 5, 2019
Last update November 19, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system.

Key dates

02Disclosure timeline

June 5, 2019 CVE published
November 19, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs CVE-2024-0304 Youke365 collect.php server-side request forgery CVE-2025-9975 WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery CVE-2023-3025 Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link' CVE-2025-42965 Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application