Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability

Cisco-SA-20150623-CVE-2015-4212 · Medium · Published 10 years ago · Updated 10 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 5 hours ago · NVD CVEs 8 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to access data and credentials. The vulnerability is due to the exposure of sensitive information. An attacker could exploit this vulnerability to access data and credentials. Cisco has confirmed the vulnerability and released software updates. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs	CVE-2015-4212
Cisco Bug IDs	CSCut17466
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco WebEx Meeting Center	CVE-2015-4212	structured affected CSAF product_status