
Cisco WebEx Meeting Center GET Parameter Vulnerability

Cisco-SA-20150623-CVE-2015-4208 · Medium · Published · Updated

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to view sensitive information that is transmitted in GET parameters or perform SQL injection.

The vulnerability is due to the inclusion of sensitive information in the URL as GET parameters. An attacker could exploit this vulnerability by viewing application URL requests containing sensitive information in GET parameters or by injecting SQL commands directly into the URL. Cisco has confirmed the vulnerability and released software updates. A successful exploit of this vulnerability could be leveraged by an attacker to conduct further attacks. Administrators are advised to ensure only trusted users have authorized access to interact with an affected device.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

For additional information about SQL injection attacks and defenses, see Understanding SQL Injection: http://www.cisco.com/web/about/security/intelligence/sql_injection.html

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-4208
Cisco Bug IDs: NA
CVSS Score: Base 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Product Names From Source: Cisco WebEx Meeting Center

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco WebEx Meeting Center | known_affected | cisco_csaf | CVE-2015-4208 | 1

Related Products

Product | CVE | Evidence
Cisco WebEx Meeting Center | CVE-2015-4208 | Cisco OpenVuln