Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Cisco-SA-20150123-CVE-2015-0583 · Medium · Published · Updated

A vulnerability in the file URI scheme of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit the vulnerability by viewing application URL requests that contain sensitive information. Cisco has confirmed the vulnerability and released updated software. To exploit the vulnerability, the attacker may need access to trusted or internal networks to view application URL requests made by the affected software. This access requirement could limit the likelihood of a successful exploit.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-0583
Cisco Bug IDsCSCus18281
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco WebEx Meeting Center

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2015-0583 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2015-0583 Cisco OpenVuln
Cisco WebEx Meeting Center CVE-2015-0583 Cisco OpenVuln