Main Vulnerability Database SB2018110813

SB2018110813 - Information disclosure in Cisco Meeting Server

Published: November 8, 2018

Security Bulletin ID SB2018110813

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-15446)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. A remote attacker can send meeting requests, determine the values of meeting room unique identifiers and conduct further exploits.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-serv...