103 matches found
CVE-2017-12249
CVE-2017-12249 concerns Cisco Meeting Server (CMS) TURN server misconfiguration. Multiple sources confirm an authentication-required attacker could use a TURN server to connect to internal CMS components (Call Bridge, Web Bridge, or a database cluster) and access sensitive information or unauthen...
Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability
A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...
Code injection
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time...