Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability

Cisco-SA-20150123-CVE-2014-8036 · Medium · Published · Updated

A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted data to the targeted system. This access requirement could limit the likelihood of a successful exploit.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2014-8036
Cisco Bug IDsCSCuj40254
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco WebEx Meetings Server

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2014-8036 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2014-8036 Cisco OpenVuln