CiscoCISCO-SA-20150622-CVE-2015-4207Cisco WebEx Meetings Meeting Access Number Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
43.7%
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to discover the meeting access number.
The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by accessing the web page containing meeting registration information. An exploit could allow the attacker to connect to a WebEx meeting without registering to attend.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must first be able to access the web page containing meeting registration information from a targeted device. The attacker may try to acquire this information via social engineering techniques from a targeted user.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | webex_meeting_center | any | cpe:2.3:a:cisco:webex_meeting_center:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
43.7%