Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability

2015-06-23T20:06:43
ID CISCO-SA-20150623-CVE-2015-4218
Type cisco
Reporter Cisco
Modified 2015-06-23T20:06:43

Description

A vulnerability in the web-based user interface of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to have read access to information stored in the affected system.

The vulnerability is due to insufficient validation of specific values passed via HTTP GET methods by the affected software. An attacker could exploit this vulnerability by submitting crafted requests to a targeted system. If successful, the attacker could access sensitive system information from the system.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.