CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
58.6%
A vulnerability in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by passing a crafted HTTP request to a WebEx node and read files from the cache directory.
Cisco has confirmed the vulnerability in a security notice and software updates are available.
To exploit the vulnerability, an attacker would likely need access to a trusted, internal network to send crafted HTTP requests to the targeted system. This access requirement may reduce the likelihood of a successful attack.
Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.
Software updates are available for Cisco WebEx Meetings Server; however, at the time this alert was first published, software updates for Cisco WebEx Node for MCS were not available.
Administrators are advised to contact the vendor regarding future updates and releases.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |
cisco | webex_node_for_mcs | any | cpe:2.3:a:cisco:webex_node_for_mcs:any:*:*:*:*:*:*:* |