Main Vulnerability Database SB2018060709

SB2018060709 - Information disclosure in Cisco Meeting Server

Published: June 7, 2018

Security Bulletin ID SB2018060709

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-0263)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The vulnerability exists in Cisco Meeting Server (CMS) due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. An adjacent attacker can gain unauthenticated access to configuration and database files and sensitive meeting information.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id