Test ID:	1.3.6.1.4.1.25623.1.0.809053
Category:	CISCO
Title:	Cisco Webex Meetings Server Java Deserialization Vulnerability
Summary:	Cisco Webex Meetings Server is prone to a java deserialization vulnerability.
Description:	Summary: Cisco Webex Meetings Server is prone to a java deserialization vulnerability. Vulnerability Insight: The flaw is due to an insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by submitting crafted input to an application on a targeted system that uses the ACC library. Vulnerability Impact: Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary code. Affected Software/OS: Cisco Webex Meetings Server 2.5 before 2.5.1.6183, 2.6 before 2.6.1.45 and 2.0 versions. Solution: Update to Cisco Webex Meetings Server version 2.5.1.6183 or 2.6.1.1099 or 2.6.1.45 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6420 BugTraq ID: 78872 http://www.securityfocus.com/bid/78872 CERT/CC vulnerability note: VU#581311 https://www.kb.cert.org/vuls/id/581311 Cisco Security Advisory: 20151209 Vulnerability in Java Deserialization Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization https://www.tenable.com/security/research/tra-2017-14 https://www.tenable.com/security/research/tra-2017-23 https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.