Executive Summary

Summary
Title Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution
Informations
Name cisco-sa-20130410-mp First vendor Publication 2013-04-10
Vendor Cisco Last vendor Modification 2013-04-10
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to impersonate a legitimate user and send arbitrary commands to the affected system with the privileges of that user.

Cisco has released free software updates that address these vulnerabilities. A workaround is available for the Cisco Unified MeetingPlace Web Conferencing Server Arbitrary Login Vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp

BEGIN PGP SIGNATURE Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlFlkTIACgkQUddfH3/BbTry0QD/awwTnQ3pFKZZaKwl0jslafJC P3L5GHiKhL9bE92KEkMA/RRgoVb0TOUiTubSi1c3jnQKZVtI19zWdYElJkYcQSXP =7GS +END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 14
Application 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-04-18 IAVM : 2013-B-0037 - Multiple Vulnerabilities in Cisco Unified MeetingPlace Products
Severity : Category I - VMSKEY : V0037665

Nessus® Vulnerability Scanner

Date Description
2013-09-23 Name : The remote web server is running a conferencing application with multiple ses...
File : cisco-sa-20130410-mp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-02-17 10:22:09
  • Multiple Updates
2013-11-11 12:37:31
  • Multiple Updates
2013-04-11 21:20:35
  • Multiple Updates
2013-04-11 00:18:57
  • First insertion