Published: 09/01/2015 Updated: 08/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco webex meetings server -

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack The vulnerability is due to insufficient CSRF protections An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link o ...

Change the plan for Sat night, hackers. No more biz meetup eavesdrop LOLs

The Register • Darren Pauli • 14 Jan 2015

Cisco squashes bugs in WebEx

Cisco has patched four holes in WebEx that allowed attackers to gain access to video conferences and gain other administrative functions. The popular platform contained a cross site request forgery in versions 1.5 and below. Cisco slapped a moderate severity rating on the bug (CVE-2014-8031). "A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory. "The vu...

CVE-2014-8031

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect