The password-change feature in Cisco Unified MeetingPlace Web Conferencing prior to 8.5(5) MR3 and 8.6 prior to 8.6(2) does not check the session ID or require entry of the current password, which allows remote malicious users to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified meetingplace web conferencing 6.0.417.0 |
||
cisco unified meetingplace web conferencing 6.0_base |
||
cisco unified meetingplace web conferencing 8.5\\(3\\) |
||
cisco unified meetingplace web conferencing 7.0\\(2\\)_sr1 |
||
cisco unified meetingplace web conferencing 7.0\\(2\\) |
||
cisco unified meetingplace web conferencing 8.5\\(1\\) |
||
cisco unified meetingplace web conferencing 8.0\\(1\\) |
||
cisco unified meetingplace web conferencing 8.5\\(2\\)_sr2 |
||
cisco unified meetingplace web conferencing 8.0\\(2\\) |
||
cisco unified meetingplace web conferencing 8.0\\(1\\)_sr1 |
||
cisco unified meetingplace web conferencing 8.5\\(4\\) |
||
cisco unified meetingplace web conferencing 7.0\\(1\\) |
||
cisco unified meetingplace web conferencing 7.1\\(1\\) |
||
cisco unified meetingplace web conferencing 7.1\\(2\\) |
||
cisco unified meetingplace web conferencing 7.0\\(3\\) |
||
cisco unified meetingplace web conferencing 8.5\\(2\\)_sr1 |
||
cisco unified meetingplace web conferencing 8.5\\(2\\) |