Cisco-SA-20150603-CVE-2015-0764

Cisco Unified MeetingPlace Arbitrary File Download Vulnerability

Cisco-SA-20150603-CVE-2015-0764 · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper handling of requests for resources by an affected device. An unauthenticated, remote attacker could exploit this vulnerability to download arbitrary files from a targeted device. A successful exploit could be used to conduct further attacks. Cisco has confirmed the vulnerability and released software updates. Attackers must send requests to vulnerable systems, possibly limiting the potential for exploitation in environments that restrict network access from untrusted networks.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2015-0764
Cisco Bug IDs	CSCus95603, CSCuu63631
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco Unified MeetingPlace

Related Products

Product	CVE	Evidence

Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified MeetingPlace Arbitrary File Download Vulnerability

Workarounds

Related Products