[cisco-voip] Bug Search Code Injection

Lelio Fulgenzi lelio at uoguelph.ca
Wed Aug 28 11:08:58 EDT 2019


“In Cisco We Trust.”

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Anthony Holloway
Sent: Wednesday, August 28, 2019 10:42 AM
To: Cisco VoIP Group <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Bug Search Code Injection

Here is the response I got back after Cisco looked into my report:

"And as CDETS is not accessible to external users no malicious code can be entered and internal users will not enter any malicious code."


On Thu, Aug 22, 2019 at 10:02 AM Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
FWIW I submitted feedback via the website and have already been contacted by someone on the Bug Search Tool team stating they're looking into it.

On Tue, Aug 20, 2019 at 9:35 AM Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
Looks like I stumbled across some code injection on the following defect page:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976

It's innocent enough, but concerning that it's even possible.
