Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution

2013-04-10T16:00:00
ID CISCO-SA-20130410-MP
Type cisco
Reporter Cisco
Modified 2013-04-10T15:25:46

Description

A vulnerability in the authentication code of the Cisco Unified MeetingPlace Web Conferencing Server could allow an unauthenticated, remote attacker to impersonate a legitimate user and issue arbitrary commands to the affected system.

The vulnerability is due to insufficient verification of the user cookies when the Remember Me option is configured on the affected system. An attacker could exploit this vulnerability by crafting a login request and sending it to the affected system. The attacker must know a valid user name to execute the attack. An exploit could allow the attacker to impersonate a legitimate user and compromise the confidentiality, integrity and availability of the affected system with the privileges of that user.

Note: this vulnerability affects only Cisco Unified MeetingPlace Web Conferencing servers that are configured with the Remember Me option. Microsoft Outlook Integration uses the Cisco Unified MeetingPlace Application Server for authentication services, and it is not affected by this vulnerability.

A vulnerability in the authentication code of the webserver component of Cisco Unified MeetingPlace Application Server could allow an unauthenticated, remote attacker to take over a user session after the user has logged out from the affected system.

The vulnerability is due to the affected system not invalidating a user's session when the user logs out. An attacker could exploit this vulnerability by crafting an HTTP GET or POST request and sending it to the affected system. To succeed, the attacker must know the session cookie value from a user that has previously logged out. The Cisco Unified MeetingPlace Application Server will automatically invalidate the session cookie after 30 minutes; therefore the attacker has 30 minutes to perform the attack. An exploit could allow the attacker to impersonate a legitimate user and compromise the confidentiality, integrity and availability of the affected system with the privileges of that user.
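As an added illustration of the two weaknesses described above (this is not Cisco's code and does not describe the actual MeetingPlace implementation), the following Python sketch shows the defensive properties the fixes imply: a Remember Me cookie whose user name is bound to a server-side HMAC instead of being trusted as sent, and a session store that discards the session at logout rather than waiting for the 30-minute expiry. The function names, the in-memory store and the secret key are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Server-side key for the example; a real deployment keeps this out of source.
SECRET = secrets.token_bytes(32)
SESSION_TTL = 30 * 60  # seconds, matching the advisory's 30-minute expiry


class SessionStore:
    """Server-side session table keyed by an unguessable token."""

    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self.sessions = {}  # token -> (user, expiry_timestamp)

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, now + self.ttl)
        return token

    def logout(self, token):
        # Invalidate server-side immediately; clearing the client cookie alone
        # leaves the token usable until the TTL expires (the advisory's flaw).
        self.sessions.pop(token, None)

    def user_for(self, token, now):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self.sessions[token]
            return None
        return user


def remember_me_cookie(user, expiry):
    """Issue 'user|expiry|hmac'; the tag covers both fields."""
    payload = f"{user}|{expiry}".encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return f"{user}|{expiry}|{tag}"


def verify_remember_me(cookie, now):
    """Accept the user name only if the server-issued tag and expiry check out."""
    parts = cookie.rsplit("|", 2)
    if len(parts) != 3:
        return None
    user, expiry, tag = parts
    expected = hmac.new(SECRET, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or tampered cookie: user name alone proves nothing
    if not expiry.isdigit() or now >= int(expiry):
        return None
    return user
```

A cookie that carried only the user name, accepted as-is, is the pattern the advisory describes as insufficient verification; the HMAC-bound form above cannot be produced from knowledge of a user name alone.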

Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to impersonate a legitimate user and send arbitrary commands to the affected system with the privileges of that user.

Cisco has released software updates that address these vulnerabilities. A workaround is available for the Cisco Unified MeetingPlace Web Conferencing Server Arbitrary Login Vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp