Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco TelePresence Management Suite (TMS) Release 15.13.6. This vulnerability allows low-privileged, remote attackers to inject malicious scripts that could be executed in the context of the user's browser session, potentially accessing sensitive information.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's session.

Remediation

Cisco has not released and will not release software updates to address this vulnerability, as Cisco TMS has entered the end-of-life process. Customers are advised to migrate to one of the recommended service providers as described in the End-of-Sale and End-of-Life documentation.