Cisco Unified MeetingPlace视频会议系统绕过认证漏洞

BUGTRAQ ID: 33901
CVE(CAN) ID: CVE-2009-0614

Cisco Unified MeetingPlace是思科的网络会议解决方案。

Cisco Unified MeetingPlace Web Conferencing服务器中的漏洞可能允许未经认证的用户使用特制的URL绕过服务器的认证机制。如果被成功利用的话，用户可以获得对Cisco Unified MeetingPlace应用的管理访问。

Cisco Unified MeetingPlace 7.0
Cisco Unified MeetingPlace 6.0
厂商补丁：

Cisco

Cisco已经为此发布了一个安全公告（cisco-sa-20090225-mtgplace）以及相应补丁:
cisco-sa-20090225-mtgplace：Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
链接：<a href=“http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml” target=“_blank”>http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml</a>

补丁下载：
<a href=“http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240” target=“_blank”>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240</a>
<a href=“http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&amp;mdfLevel=Software Version/Option&amp;treeName=Voice and Unified Communications&amp;modelName=Cisco Unified MeetingPlace Web Conferencing&amp;treeMdfId=278875240” target=“_blank”>http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&amp;mdfLevel=Software Version/Option&amp;treeName=Voice and Unified Communications&amp;modelName=Cisco Unified MeetingPlace Web Conferencing&amp;treeMdfId=278875240</a>