CVE-2018-15446

Cisco Meeting Server Information Disclosure Vulnerability

CVSS 5.3 MEDIUMEPSS 2.2%CWE-200

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 2.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

08 Nov 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Cisco · Cisco Meeting Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server http://www.securityfocus.com/bid/105856