Multiple vulnerabilities in Cisco Meeting Server



Published: 2018-06-21
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-0371
CVE-2018-0359
CWE-ID CWE-20
CWE-113
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco Meeting Server
Client/Desktop applications / Multimedia software

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU13406

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0371

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the Web Admin Interface of Cisco Meeting Server due to insufficient validation of incoming HTTP requests. A remote attacker can send a specially crafted HTTP request to the Web Admin Interface and cause the system to restart, terminating all ongoing calls.

Mitigation

The vulnerability is addressed in the versions 2.2.13, 2.3.4.

Vulnerable software versions

Cisco Meeting Server: 2.2.5

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-meeting-serv...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Session fixation attack

EUVDB-ID: #VU13407

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0359

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allow a local unauthenticated attacker to conduct session fixation attack.

The weakness exists in the session identification management functionality of the web-based management interface for Cisco Meeting Server due to the affected application does not assign a new session identifier to a user session when a user authenticates to the application. A local attacker can use a hijacked session identifier to connect to the application through the web-based management interface and hijack an authenticated user's browser session.

Mitigation

The vulnerability is addressed in the versions 2.2.13, 2.3.4.

Vulnerable software versions

Cisco Meeting Server: 2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-cms-sf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###