CVE-2018-0359

Name of the Vulnerable Software and Affected Versions Cisco Meeting Server (affected versions not specified)

Description A session identification management issue in the web-based management interface could allow an unauthenticated, local attacker to hijack a valid user session identifier. This occurs because the application does not assign a new session identifier upon user authentication. An attacker could exploit this by using a hijacked session identifier to connect through the web-based management interface, potentially allowing them to hijack an authenticated user's browser session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.