PT-2013-2937 · Cisco · Cisco Unified Meetingplace Web Conferencing Server
Publicado
2013-04-11
·
Atualizado
2013-04-15
·
CVE-2013-1169
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Unified MeetingPlace Web Conferencing Server versions 7.x through 7.1MR1 Patch 1
Cisco Unified MeetingPlace Web Conferencing Server versions 8.0 through 8.0MR1 Patch 1
Cisco Unified MeetingPlace Web Conferencing Server versions 8.5 through 8.5MR3 Patch 0
Description
The issue arises when the Remember Me option is used, and it does not properly verify cookies. This allows remote attackers to impersonate users via a crafted login request.
Recommendations
For Cisco Unified MeetingPlace Web Conferencing Server versions 7.x through 7.1MR1 Patch 1, update to version 7.1MR1 Patch 2.
For Cisco Unified MeetingPlace Web Conferencing Server versions 8.0 through 8.0MR1 Patch 1, update to version 8.0MR1 Patch 2.
For Cisco Unified MeetingPlace Web Conferencing Server versions 8.5 through 8.5MR3 Patch 0, update to version 8.5MR3 Patch 1.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Unified Meetingplace Web Conferencing Server