cisco-sa-20161221-jabber

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

cisco-sa-20161221-jabber · Medium · Published 9 years ago · Updated 9 years ago

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco Jabber Guest Server. An attacker could exploit this vulnerability by sending a crafted URL to the Cisco Jabber Guest Server. An exploit could allow an attacker to connect to arbitrary hosts. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2016-9224
Cisco Bug IDs	CSCvc31635
CVSS Score	Base 4.3 Base 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco Jabber Guest

Related Products

Product	CVE	Evidence
Cisco Jabber Guest	CVE-2016-9224	Cisco OpenVuln
Cisco Jabber	CVE-2016-9224	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

Workarounds

Related Products