INFORMATION

Name : CVE-2010-0140 First Publication : 2010-01-28
Severity : Critical Last Modification : 2010-01-31

SCORING CVSS v2

Cvss Base Score : 10 Attack Range : Network
Cvss Impact Score : 10 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.



CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62049 : Cisco Unified MeetingPlace Web Server Internal Interface Crafted URL Admin Account Creation.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/37965

Source : CISCO
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml