CISCO : Cisco Meeting Server HTTP Packet Processing Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106596

Categoría: CISCO

Título: Cisco Meeting Server HTTP Packet Processing Vulnerability

Resumen: A vulnerability in the Web Bridge interface of the Cisco Meeting Server;(CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory;contents, which could lead to the disclosure of confidential information. In addition, the attacker could;potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The;attacker would need to be authenticated and have a valid session with the Web Bridge.

Descripción: Summary:
A vulnerability in the Web Bridge interface of the Cisco Meeting Server
(CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory
contents, which could lead to the disclosure of confidential information. In addition, the attacker could
potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The
attacker would need to be authenticated and have a valid session with the Web Bridge.

Vulnerability Insight:
The vulnerability is due to insufficient input validation of an HTTP request.
An attacker could exploit this vulnerability by sending a crafted HTTP packet to a targeted application.

Vulnerability Impact:
A successful exploit could allow the attacker to retrieve memory contents,
which could lead to the disclosure of confidential information or cause a DoS condition.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-3837
BugTraq ID: 96243
http://www.securityfocus.com/bid/96243
http://www.securitytracker.com/id/1037834

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106596
Categoría:	CISCO
Título:	Cisco Meeting Server HTTP Packet Processing Vulnerability
Resumen:	A vulnerability in the Web Bridge interface of the Cisco Meeting Server;(CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory;contents, which could lead to the disclosure of confidential information. In addition, the attacker could;potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The;attacker would need to be authenticated and have a valid session with the Web Bridge.
Descripción:	Summary: A vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Vulnerability Insight: The vulnerability is due to insufficient input validation of an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP packet to a targeted application. Vulnerability Impact: A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information or cause a DoS condition. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3837 BugTraq ID: 96243 http://www.securityfocus.com/bid/96243 http://www.securitytracker.com/id/1037834
Copyright	Copyright (C) 2017 Greenbone AG