Lucene search
CiscoCVE-2015-4262HistoryJul 24, 2015 - 2:59 p.m.
CVE-2015-4262
2015-07-2414:59:02
CWE-255
cisco
web.nvd.nist.gov
40
cisco
unified meetingplace
web conferencing
password change
remote attack
cve-2015-4262
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.002
Percentile
52.6%
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
Affected configurations
Node
ciscounified_meetingplace_web_conferencingMatch6.0.417.0
ORciscounified_meetingplace_web_conferencingMatch6.0_base
ORciscounified_meetingplace_web_conferencingMatch7.0\(1\)
ORciscounified_meetingplace_web_conferencingMatch7.0\(2\)
ORciscounified_meetingplace_web_conferencingMatch7.0\(2\)_sr1
ORciscounified_meetingplace_web_conferencingMatch7.0\(3\)
ORciscounified_meetingplace_web_conferencingMatch7.1\(1\)
ORciscounified_meetingplace_web_conferencingMatch7.1\(2\)
ORciscounified_meetingplace_web_conferencingMatch8.0\(1\)
ORciscounified_meetingplace_web_conferencingMatch8.0\(1\)_sr1
ORciscounified_meetingplace_web_conferencingMatch8.0\(2\)
ORciscounified_meetingplace_web_conferencingMatch8.5\(1\)
ORciscounified_meetingplace_web_conferencingMatch8.5\(2\)
ORciscounified_meetingplace_web_conferencingMatch8.5\(2\)_sr1
ORciscounified_meetingplace_web_conferencingMatch8.5\(2\)_sr2
ORciscounified_meetingplace_web_conferencingMatch8.5\(3\)
ORciscounified_meetingplace_web_conferencingMatch8.5\(4\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_meetingplace_web_conferencing | 6.0.417.0 | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0.417.0:*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 6.0_base | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0_base:*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.0(1) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(1\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.0(2) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(2\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.0(2)_sr1 | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(2\)_sr1:*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.0(3) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\(3\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.1(1) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\(1\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 7.1(2) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\(2\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 8.0(1) | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\(1\):*:*:*:*:*:*:* |
| cisco | unified_meetingplace_web_conferencing | 8.0(1)_sr1 | cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\(1\)_sr1:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
Cisco Unified MeetingPlace password reset
2015-07-26 00:00:00
nvd
nvd
CVE-2015-4262
2015-07-24 14:59:02
nessus
nessus
cisco
cisco
Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
2015-07-22 16:00:00
cvelist
cvelist
CVE-2015-4262
2015-07-24 14:00:00
prion
prion
Command injection
2015-07-24 14:59:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.002
Percentile
52.6%
Related for CVE-2015-4262