Lucene search

CiscoCISCO-SA-20150204-WBX

HistoryFeb 04, 2015 - 4:00 p.m.

Cisco WebEx Meetings Server Command Injection Vulnerability

2015-02-0416:00:00

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.003

Percentile

71.4%

JSON

A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system.

The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx”]

Affected configurations

Vulners

Node

ciscowebex_meetings_serverMatchany

VendorProductVersionCPE
ciscowebex_meetings_serveranycpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_meetings_server	any	cpe:2.3:a:cisco:webex_meetings_server:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.003

Percentile

71.4%

JSON

Related for CISCO-SA-20150204-WBX