PT-2018-1774 · Cisco · Cisco Meeting Server

Published

2018-11-07

Updated

2019-10-09

CVE-2018-15446

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Meeting Server (affected versions not specified)

Description

The issue is caused by errors in handling user requests. It may allow a remote attacker to gain access to sensitive information by sending specially crafted requests. The vulnerability is due to improper protections on data returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this by sending meeting requests to an affected system, potentially determining the values of meeting room unique identifiers and allowing further exploits.

Recommendations

For Cisco Meeting Server, consider changing the Guest access via ID and passcode option from Legacy mode to a more secure setting until a patch is available. As a temporary workaround, restrict access to meeting requests to minimize the risk of exploitation. Avoid using the Legacy mode for Guest access via ID and passcode until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2018-01374
CVE-2018-15446

Affected Products

Cisco Meeting Server