PT-2013-2937 · Cisco · Cisco Unified Meetingplace Web Conferencing Server
Published
2013-04-11
·
Updated
2013-04-15
·
CVE-2013-1169
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Unified MeetingPlace Web Conferencing Server versions 7.x through 7.1MR1 Patch 1
Cisco Unified MeetingPlace Web Conferencing Server versions 8.0 through 8.0MR1 Patch 1
Cisco Unified MeetingPlace Web Conferencing Server versions 8.5 through 8.5MR3 Patch 0
Description
The issue arises when the Remember Me option is used, and it does not properly verify cookies. This allows remote attackers to impersonate users via a crafted login request.
Recommendations
For Cisco Unified MeetingPlace Web Conferencing Server versions 7.x through 7.1MR1 Patch 1, update to version 7.1MR1 Patch 2.
For Cisco Unified MeetingPlace Web Conferencing Server versions 8.0 through 8.0MR1 Patch 1, update to version 8.0MR1 Patch 2.
For Cisco Unified MeetingPlace Web Conferencing Server versions 8.5 through 8.5MR3 Patch 0, update to version 8.5MR3 Patch 1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Meetingplace Web Conferencing Server