Vulnslist


Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution

cisco-sa-20130410-mp · Critical · Published · Updated

Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to impersonate a legitimate user and send arbitrary commands to the affected system with the privileges of that user. Cisco has released software updates that address these vulnerabilities. A workaround is available for the Cisco Unified MeetingPlace Web Conferencing Server Arbitrary Login Vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp

Workarounds

There are no workarounds that mitigate the Cisco Unified MeetingPlace Application Server Authentication Bypass Vulnerability.

Disabling the Remember Me authentication option mitigates the Cisco Unified MeetingPlace Web Conferencing Server Arbitrary Login Vulnerability.

To disable the Remember Me authentication option, navigate to Home > Administration > Web Server and, under the Web Server Customization Values section, set the Allow Remember Me value to No.

CVEs: CVE-2013-1168, CVE-2013-1169
Cisco Bug IDs: CSCuc64846, CSCuc64885
CVSS Score: Base 9.3
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Base 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source: Cisco Unified MeetingPlace, Cisco Unified MeetingPlace Web Conferencing

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco RV Series Routers | CVE-2013-1169 | Cisco OpenVuln |
| Cisco RV Series Routers | CVE-2013-1168 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2013-1169 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2013-1168 | Cisco OpenVuln |
| Cisco MATE Collector, Design, Live | CVE-2013-1169 | Cisco OpenVuln |
| Cisco MATE Collector, Design, Live | CVE-2013-1168 | Cisco OpenVuln |
| Cisco Unified MeetingPlace Web Conferencing | CVE-2013-1169 | Cisco OpenVuln |
| Cisco Unified MeetingPlace Web Conferencing | CVE-2013-1168 | Cisco OpenVuln |
| Cisco Unified MeetingPlace | CVE-2013-1169 | Cisco OpenVuln |
| Cisco Unified MeetingPlace | CVE-2013-1168 | Cisco OpenVuln |