Cisco Unified MeetingPlace Directory Enumeration Information Disclosure Vulnerability

2012-05-11T13:48:40
ID CISCO-SA-20120511-CVE-2011-4232
Type cisco
Reporter Cisco
Modified 2015-01-31T04:15:01

Description

Cisco Unified MeetingPlace software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to an unspecified error in the affected software that could allow an attacker to enumerate existing folders via directory transversal sequences. An unauthenticated, remote attacker could exploit this vulnerability to access sensitive information on the system. The attacker could use this information to launch further attacks.

Cisco has confirmed this vulnerability and released software updates.

To exploit this vulnerability, an attacker would need to access trusted, internal networks. This access requirement decreases the likelihood of a successful exploit.