A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote malicious user to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these sensitive values. Cisco has confirmed the vulnerability in a security notice and has released software updates. To exploit this vulnerability, an attacker requires authenticated access to the targeted system. Authenticated access may require the malicious user to access trusted, internal networks. These requirements could limit the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco webex meetings server - |
Cisco squashes bugs in WebEx
Cisco has patched four holes in WebEx that allowed attackers to gain access to video conferences and gain other administrative functions. The popular platform contained a cross site request forgery in versions 1.5 and below. Cisco slapped a moderate severity rating on the bug (CVE-2014-8031). "A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory. "The vu...