Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability

2013-09-23T17:38:47
ID CISCO-SA-20130923-CVE-2013-5502
Type cisco
Reporter Cisco
Modified 2013-09-23T17:38:43

Description

A vulnerability in the web interface of Cisco MediaSense could allow an unauthenticated, remote attacker to collect sensitive information.

The vulnerability is due to sensitive information being transmitted via an insecure channel. An attacker could exploit this vulnerability by capturing the traffic between the MediaSense server and client. An exploit could allow the attacker to collect sensitive information pertaining to the user authenticated with the affected system.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker would likely need access to trusted, internal networks in which the targeted device may reside. This access requirement decreases the likelihood of a successful exploit.