Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
Description
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
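The description contrasts a management interface whose state-changing requests are accepted on the strength of the victim's session cookie alone with one that has adequate CSRF protections. The following Python sketch is an added illustration of that difference; it is not Cisco code and does not reproduce the affected product's implementation. It models a FindMe-style "add device" action as a vulnerable handler and a hardened one that requires a per-session synchronizer token and checks the Origin header. The path `/findme/devices`, the form field names, the origins, the user names and the server secret are constructed stand-ins.

```python
"""CSRF on a state-changing management action: vulnerable vs. hardened handler.

Added illustration, not Cisco's code. Paths, field names, origins and the
server secret below are constructed for the example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Server-side secret used to derive per-session CSRF tokens (constructed).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
# Origin of the real management UI (hypothetical host name).
TRUSTED_ORIGIN = "https://expressway.example.internal"


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str]
    form: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Session:
    session_id: str
    user: str
    devices: List[str] = field(default_factory=list)


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token: HMAC of the session id under a server secret.
    The real UI embeds this in its forms; a cross-site page cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def lookup_session(req: Request, sessions: Dict[str, Session]) -> Optional[Session]:
    return sessions.get(req.cookies.get("session", ""))


def add_device_vulnerable(req: Request, sessions: Dict[str, Session]) -> int:
    """Trusts the session cookie alone. The browser attaches that cookie to a
    POST submitted by an attacker's page, so a crafted link that auto-submits
    a form adds the attacker's device to the victim's FindMe-style profile."""
    sess = lookup_session(req, sessions)
    if req.method != "POST" or sess is None:
        return 403
    sess.devices.append(req.form["device"])
    return 200


def add_device_hardened(req: Request, sessions: Dict[str, Session]) -> int:
    """Same action, but the request must prove it came from the real UI:
    a valid per-session token in the body, and an Origin header (when the
    browser sends one) that matches the site."""
    sess = lookup_session(req, sessions)
    if req.method != "POST" or sess is None:
        return 403
    origin = req.headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403
    expected = csrf_token_for(sess.session_id)
    if not hmac.compare_digest(req.form.get("csrf_token", ""), expected):
        return 403
    sess.devices.append(req.form["device"])
    return 200


def run_scenario() -> dict:
    """A logged-in user follows a crafted link; their browser issues a
    cross-site POST carrying the session cookie but no token."""
    sid = secrets.token_hex(16)
    victim = Session(session_id=sid, user="alice")
    sessions = {sid: victim}
    cross_site = Request("POST", "/findme/devices", {"session": sid},
                         {"device": "sip:attacker@evil.example"},
                         {"Origin": "https://evil.example"})
    legit = Request("POST", "/findme/devices", {"session": sid},
                    {"device": "sip:alice-desk@example.internal",
                     "csrf_token": csrf_token_for(sid)},
                    {"Origin": TRUSTED_ORIGIN})
    results = {}
    results["vulnerable_cross_site"] = add_device_vulnerable(cross_site, sessions)
    results["devices_after_vulnerable"] = list(victim.devices)
    victim.devices.clear()
    results["hardened_cross_site"] = add_device_hardened(cross_site, sessions)
    results["hardened_legit"] = add_device_hardened(legit, sessions)
    results["devices_after_hardened"] = list(victim.devices)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Requiring POST alone does not help: the crafted link can land on a page that auto-submits a form, and the browser attaches the victim's cookie either way. The token is the primary control here; the Origin check is defence in depth and is written to tolerate a missing header, since not every request carries one. Marking the session cookie `SameSite` would add a further layer but is not shown above.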
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF vulnerability in the FindMe feature of Cisco Expressway Series and TelePresence VCS lets an unauthenticated remote attacker who lures a logged-in management-interface user into following a crafted link perform arbitrary actions with that user's privileges.
Vulnerability
The vulnerability resides in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). It is a cross-site request forgery (CSRF) flaw caused by insufficient CSRF protections in the web-based management interface. All software versions prior to X12.5.1 are affected [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by convincing a user of the management interface to click a maliciously crafted link. No authentication is required for the attacker, but user interaction is necessary. The attacker can then perform arbitrary actions with the privileges of the targeted user [1].
Impact
Successful exploitation allows the attacker to perform arbitrary actions on the affected system, including adding an attacker-controlled device and redirecting calls intended for a specific user. This can lead to call interception, redirection, and potential information disclosure [1].
Mitigation
Cisco has fixed this vulnerability in software version X12.5.1 and later. No workarounds are available. Users should upgrade to a fixed release as soon as possible. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <X12.5.1
- (no CPE) range: unspecified
- Range: <X12.5.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf (Cisco Security Advisory; vendor advisory, via MITRE)
- www.securityfocus.com/bid/108006 (SecurityFocus BID 108006; vulnerability database entry, via MITRE)
News mentions
No linked articles in our index yet.