CVE-2018-15446

Cisco Meeting Server Information Disclosure Vulnerability

CVSS 5.3 MEDIUMEPSS 2.2%CWE-200

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 2.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

08 nov 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Cisco · Cisco Meeting Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server http://www.securityfocus.com/bid/105856