CiscoCISCO-SA-20150623-CVE-2015-4208Cisco WebEx Meeting Center GET Parameter Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
61.0%
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to view sensitive information that is transmitted in GET parameters or perform SQL injection.
The vulnerability is due to the inclusion of sensitive information in the URL as GET parameters. An attacker could exploit this vulnerability by viewing application URL requests containing sensitive information in GET parameters or by injecting SQL commands directly into the URL.
Cisco has confirmed the vulnerability and released software updates.
A successful exploit of this vulnerability could be leveraged by an attacker to conduct further attacks. Administrators are advised to ensure only trusted users have authorized access to interact with an affected device.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | webex_meeting_center | any | cpe:2.3:a:cisco:webex_meeting_center:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
61.0%