Cisco WebEx Meetings Host Calendar Download Vulnerability

Cisco-SA-20150622-CVE-2015-4209 · Medium · Published · Updated

A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to access and download calendar files without authorization.

The vulnerability is due to inconsistent authorization checks. An attacker could exploit this vulnerability by enumerating scheduled meetings and downloading the host calendar for each meeting.

Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must first be able to enumerate scheduled meetings from a targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.
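
As an added illustration of the monitoring advice (not part of the Cisco advisory and not Cisco code), the following sketch flags clients that download calendars for many distinct meetings without an authenticated user on the request. The log format, the /placeholder/calendar/<id>.ics path and the threshold are assumptions; substitute what the monitored system actually records.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not real WebEx logs). Assumed format:
# <client_ip> <user or "-"> "<METHOD> <path>" <status>
SAMPLE_LOG = """\
203.0.113.7 - "GET /placeholder/calendar/1001.ics" 200
203.0.113.7 - "GET /placeholder/calendar/1002.ics" 200
203.0.113.7 - "GET /placeholder/calendar/1003.ics" 200
203.0.113.7 - "GET /placeholder/calendar/1004.ics" 404
198.51.100.20 alice "GET /placeholder/calendar/1001.ics" 200
198.51.100.20 alice "GET /placeholder/calendar/1001.ics" 200
192.0.2.15 - "GET /placeholder/calendar/1002.ics" 200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) "GET (?P<path>\S+)" (?P<status>\d{3})$'
)
# Hypothetical URL shape for a host calendar download; replace with the
# pattern seen on the monitored system.
CALENDAR_RE = re.compile(r'^/placeholder/calendar/(?P<meeting>\d+)\.ics$')


def find_calendar_enumeration(log_text, threshold=3):
    """Return {client_ip: sorted meeting ids} for clients that downloaded
    calendars for at least `threshold` distinct meetings with no
    authenticated user recorded on the request."""
    downloads = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] != "-" or m["status"] != "200":
            continue  # skip malformed, authenticated, or failed requests
        cal = CALENDAR_RE.match(m["path"])
        if cal:
            downloads[m["ip"]].add(int(cal["meeting"]))
    return {
        ip: sorted(ids) for ip, ids in downloads.items() if len(ids) >= threshold
    }


if __name__ == "__main__":
    for ip, meetings in find_calendar_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: unauthenticated calendar downloads for meetings {meetings}")
```

Counting distinct meeting identifiers rather than raw requests keeps a single user who reloads one calendar from tripping the alert.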

CVEs: CVE-2015-4209
Cisco Bug IDs: CSCur23913
CVSS Score: Base 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:H/RL:OF/RC:C

Public Affected Products