CERT-In Vulnerability Note CIVN-2009-29
Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

Original Issue Date: March 04, 2009

Severity Rating: High

Systems Affected

  • Cisco Unified MeetingPlace versions 6.0 and 7.0

Overview

A vulnerability has been reported in Cisco Unified MeetingPlace that could allow an unauthenticated, remote attacker to gain administrative access on the target application.

Description

Cisco Unified MeetingPlace is a solution for audio, video and web conferencing from remote locations. The reported vulnerability exists because the Web Conferencing Server does not properly validate authentication credentials. A remote user can supply a specially crafted URL to bypass authentication and gain full administrative access to the application. Successful exploitation could allow the attacker to change configuration settings in the application.

Solution

Apply the appropriate fixed versions as mentioned in the Cisco Security Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml

References

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml

http://tools.cisco.com/security/center/viewAlert.x?alertId=17648

SecurityTracker
http://securitytracker.com/alerts/2009/Feb/1021760.html

SecurityFocus
http://www.securityfocus.com/bid/33901

Secunia
http://secunia.com/advisories/34016/

CVE Name
CVE-2009-0614

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003