Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Cisco WebEx Products Cache Directory Read Vulnerability

Cisco-SA-20130502-CVE-2013-1231 · Medium · Published · Updated

A vulnerability in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by passing a crafted HTTP request to a WebEx node and reading files from the cache directory. Cisco has confirmed the vulnerability in a security notice and software updates are available.

To exploit the vulnerability, an attacker would likely need access to a trusted, internal network to send crafted HTTP requests to the targeted system. This access requirement may reduce the likelihood of a successful attack.

Customers are advised to review the bug reports in the "Vendor Announcements" section for a current list of affected versions. Software updates are available for Cisco WebEx Meetings Server; however, at the time this alert was first published, software updates for Cisco WebEx Node for MCS were not available. Administrators are advised to contact the vendor regarding future updates and releases.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-1231
Cisco Bug IDs: CSCue36629, CSCue36664
CVSS Score: Base 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C
Product Names From Source: Cisco WebEx Meetings Server, Cisco WebEx Node for MCS

Related Products

Product · CVE · Evidence
Cisco Webex Meetings · CVE-2013-1231 · Cisco OpenVuln
Cisco WebEx Node for MCS · CVE-2013-1231 · Cisco OpenVuln
Cisco WebEx Meetings Server · CVE-2013-1231 · Cisco OpenVuln