#VU12386 Configuration error in Cisco Meeting Server
Vulnerability identifier: #VU12386
Vulnerability risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-16
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Meeting Server
Client/Desktop applications /
Multimedia software
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information the target system.
The weakness exists due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface. A remote attacker can gain unauthenticated access to configuration and database files as well as sensitive meeting information.
Mitigation
Update to version 2.2.11.
Vulnerable software versions
Cisco Meeting Server: 1.9 - 2.4
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
