PT-2017-12424 · Cisco · Cisco Meeting Server

Published: 2017-09-13 · Updated: 2019-10-09 · CVE-2017-12249

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cisco Meeting Server (CMS) versions prior to 2.0.16

Cisco Meeting Server (CMS) versions prior to 2.1.11

Cisco Meeting Server (CMS) versions prior to 2.2.6

Description

A vulnerability in the Traversal Using Relay NAT (TURN) server could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. This is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster or gain unauthorized access to sensitive meeting information.

Recommendations

For versions prior to 2.0.16, update to Release 2.0.16 or later.

For versions prior to 2.1.11, update to Release 2.1.11 or later.

For versions prior to 2.2.6, update to Release 2.2.6 or later.

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2017-12249

Affected Products

Cisco Meeting Server