Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Multiple Vulnerabilities in Cisco Unified MeetingPlace
Informations
Name cisco-sa-20100127-mp First vendor Publication 2009-10-26
Vendor Cisco Last vendor Modification 2010-01-27
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

* Insufficient validation of SQL commands
* Unauthorized account creation
* User and password enumeration in Cisco MeetingTime
* Privilege escalation in Cisco MeetingTime

Workarounds are not available for these vulnerabilities.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-255 Credentials Management
33 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 11

Open Source Vulnerability Database (OSVDB)

Id Description
62051 Cisco Unified MeetingPlace MeetingTime Crafted Authentication Sequence Remote...
62050 Cisco Unified MeetingPlace MeetingTime Audio Server Authentication Sequence R...
62049 Cisco Unified MeetingPlace Web Server Internal Interface Crafted URL Admin Ac...
62048 Cisco Unified MeetingPlace SQL Command Validation Weakness