Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing

Summary

• Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities:
  

  • Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
  • Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability

  
  Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability may allow an unauthenticated, remote attacker to send Structured Query Language (SQL) commands to manipulate the MeetingPlace database stores information about server configuration, meetings, and users. These commands may be used to create, delete, or alter some of the information in the Cisco Unified MeetingPlace Web Conferencing database.
  
  Exploitation of the Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability may allow an unauthenticated, remote attacker to create a buffer overrun condition that may cause the Web Conferencing server to become unresponsive.
  
  Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp

Affected Products

• Vulnerable Products

  The following versions of Cisco Unified MeetingPlace Web Conferencing are vulnerable to Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability:
  
  

  Version	Affected
  Prior to 7.0	No
  7.0	Yes
  7.1	Yes
  8.0	Yes
  8.5	Yes

  
  
  The following versions of Cisco Unified MeetingPlace Web Conferencing are vulnerable to Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability:
  
  

  Version	Affected
  Prior to 7.0	Yes
  7.0	Yes
  7.1	Yes
  8.0	Yes
  8.5	Yes

  
  Note: Cisco Unified MeetingPlace Web Conferencing versions prior to 7.0 reached end of software maintenance. Customers running versions prior to 7.0 should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified MeetingPlace.

  Products Confirmed Not Vulnerable

  No other Cisco products are currently known to be affected by these vulnerabilities.

Details

• The Cisco Unified MeetingPlace conferencing solution provides functionality that allows organizations to host integrated voice, video, and web conferencing. The solution is deployed on network and integrated directly into an organization's private voice/data networks and enterprise applications. Cisco Unified MeetingPlace servers can be deployed so that the server is accessible from the Internet, allowing external parties to participate in meetings.
  
  Web Conferencing is a core component of the Cisco Unified MeetingPlace conferencing solution that allows users to share applications and presentations and manage meetings.
  
  Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
  
  The Cisco Unified MeetingPlace Web Conferencing service contains a vulnerability that could allow an unauthenticated, remote attacker to inject Structured Query Language (SQL) commands, that may affect the integrity and availability of the data stored in the MeetingPlace Web Conferencing internal database. This data may include server configurations, meetings, and users.
  The vulnerability is due to insufficient validation of some of the parameters passed through the HTTP POST method. An attacker could exploit this vulnerability by inserting malicious SQL commands in the HTTP POST request directed to the affected system. An exploit could allow the attacker to modify or delete data from the Web Conferencing database.
  
  This vulnerability is documented in Cisco bug ID CSCtx08939 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0337
  
  Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability
  
  The Cisco Unified MeetingPlace Web Conferencing service contains a vulnerability that could allow an unauthenticated, remote attacker to create a buffer overrun condition that may cause the Web Conferencing server to become unresponsive.
  The vulnerability is due to insufficient validation of some parameter values of an HTTP POST request. An attacker may be able to exploit this vulnerability by crafting the value of the vulnerable parameters in an HTTP POST request directed to the affected system. An exploit could allow the attacker to cause the Web Conferencing server to become unresponsive.
  
  This vulnerability is documented in Cisco bug ID CSCua66341 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-5416

Workarounds

• No workarounds are available to mitigate these vulnerabilities.

Fixed Software

• Cisco has released software updates that address these vulnerabilities.
  
  The following table contains the first fixed releases of software:
  
  Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability

  Vulnerability	Major Release	First Fix In
  Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability - CSCtx08939	7.0	7.1MR1
  	7.1	7.1MR1
  	8.0	8.0MR1 Patch 1
  	8.5	8.5MR3

  
  Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability

  Vulnerability	Major Release	First Fix In
  Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability - CSCua66341	7.0	7.1MR1 Patch 1
  	7.1	7.1MR1 Patch 1
  	8.0	8.0MR1 Patch 1
  	8.5	8.5MR3

  Recommended Releases

  The following table lists all recommended releases. These recommended releases contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases.

  Major Release	Recommended Release
  7.0	Migrate to 7.1MR1 Patch 1
  7.1	7.1MR1 Patch 1
  8.0	8.0MR1 Patch 1
  8.5	8.5MR3

  
  
  When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

  In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
  
  

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

  Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability was reported to Cisco by Daniel Mende from ERNW GmbH.
  Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability was found during internal tests.

URL

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp

Revision History

• Revision 1.1	2012-November-27	Updated the "Vulnerable Products" section to indicate that versions prior to 7.0 are not affected by the SQL injection vulnerability.
  Revision 1.0	2012-October-31	Initial public release.

  Show Less