Friday, May 27, 2016

Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability

A vulnerability in site access control functionality of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to enumerate valid user accounts.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by attending or hosting certain meeting types.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1U9Boxv A vulnerability in site access control functionality of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to enumerate valid user accounts.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by attending or hosting certain meeting types.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1U9Boxv
Security Impact Rating: Medium
CVE: CVE-2016-1410

from Cisco Security Advisory http://ift.tt/1U9Boxv

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.