The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a password-protected meeting and utilizing system-provided parameters to change a non-administrative user password. A successful exploit could allow an attacker to change the password of a targeted user.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2iBsh2h
The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a password-protected meeting and utilizing system-provided parameters to change a non-administrative user password. A successful exploit could allow an attacker to change the password of a targeted user.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2iBsh2h
Security Impact Rating: Medium
CVE: CVE-2017-3795
from Cisco Security Advisory http://ift.tt/2iBsh2h
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.