Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability

Cisco-SA-20150623-CVE-2015-4218 · Medium · Published · Updated

A vulnerability in the web-based user interface of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to have read access to information stored in the affected system. The vulnerability is due to insufficient validation of specific values passed via HTTP GET methods by the affected software. An attacker could exploit this vulnerability by submitting crafted requests to a targeted system. If successful, the attacker could access sensitive system information from the system. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Users are advised not to visit websites or follow links that contain suspicious characteristics or that cannot be verified as safe.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-4218
Cisco Bug IDsCSCuu65622, CSCuu70858
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco Jabber for Windows

Related Products

Product CVE Evidence
Cisco Jabber for Windows CVE-2015-4218 Cisco OpenVuln
Cisco Jabber CVE-2015-4218 Cisco OpenVuln