Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass

critical Nessus Plugin ID 85126

Synopsis

The remote web server is running a conferencing application that is affected by security bypass vulnerability.

Description

According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password change request. A remote attacker can exploit this, via a crafted HTTP request, to change the password of an arbitrary user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Additionally, the coarse nature of the version information Nessus gathered is not enough to confirm that the application is vulnerable, only that it might be affected.

Solution

Upgrade to Cisco Unified MeetingPlace Web Conferencing version 8.5(5) MR3 / 8.6(2) or later.

See Also

http://www.nessus.org/u?e4a352d3

https://tools.cisco.com/bugsearch/bug/CSCuu51839

Plugin Details

Severity: Critical

ID: 85126

File Name: cisco-sa-20150722-mp.nasl

Version: 1.7

Type: remote

Family: CISCO

Published: 7/31/2015

Updated: 6/4/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:unified_meetingplace_web_conferencing

Required KB Items: Settings/ParanoidReport, installed_sw/Cisco Unified MeetingPlace

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 6/18/2015

Vulnerability Publication Date: 7/22/2015

Reference Information

CVE: CVE-2015-4262

BID: 75996

CISCO-SA: cisco-sa-20150722-mp

IAVA: 2015-A-0178

CISCO-BUG-ID: CSCuu51839