Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability

2015-01-23T21:34:14
ID CISCO-SA-20150123-CVE-2014-8036
Type cisco
Reporter Cisco
Modified 2015-01-23T21:34:07

Description

A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings.

The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted data to the targeted system. This access requirement could limit the likelihood of a successful exploit.