Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

Cisco-SA-20150123-CVE-2014-8031 · Medium · Published · Updated

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. Cisco has confirmed the vulnerability in a security notice and has released software updates. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.


Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

For additional information about cross-site request forgery attacks and potential methods of mitigation, see the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Request Forgery Threat Vectors" (http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28726).

Administrators are advised to monitor affected systems.

CVEs: CVE-2014-8031
Cisco Bug IDs: CSCuj40456
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Product Names From Source: Cisco WebEx Meetings Server

Related Products

Product | CVE | Evidence
Cisco Webex Meetings | CVE-2014-8031 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2014-8031 | Cisco OpenVuln