SB2016071808 - Cross-Site vulnerability in Cisco WebEx Meetings Server in Cisco WebEx Meetings Server

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-Site vulnerability in Cisco WebEx Meetings Server (CVE-ID: CVE-2016-1448)

The vulnerability allows a remote attacker to perform cross-site request forgery (CSRF) attacks.

The vulnerability exists due to insufficient CSRF protections. A remote attacker can conduct cross-site request by convincing the user of the affected system to follow a malicious link. A successful exploit allows an attacker to submit arbitrary requests to the affected device.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

References

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms2
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy92706