The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote malicious users to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vsecurity tandberg video communication server x2.1.0 |
||
vsecurity tandberg video communication server x1.0.0 |
||
vsecurity tandberg video communication server x4.1.0 |
||
vsecurity tandberg video communication server x3.1.0 |
||
vsecurity tandberg video communication server x3.0.0 |
||
vsecurity tandberg video communication server x1.1.0 |
||
vsecurity tandberg video communication server |
||
vsecurity tandberg video communication server x4.2.0 |
||
vsecurity tandberg video communication server x1.2.0 |
||
vsecurity tandberg video communication server x2.0.0 |