Main Vulnerability Database Vulnerabilities #VU13218

Information disclosure in Cisco Meeting Server - CVE-2018-0263

Published: June 6, 2018 / Updated: June 7, 2018

Vulnerability identifier: #VU13218

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0263

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Meeting Server

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The vulnerability exists in Cisco Meeting Server (CMS) due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. An adjacent attacker can gain unauthenticated access to configuration and database files and sensitive meeting information.

How to mitigate CVE-2018-0263

Update to version 2.3.4.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

Information disclosure in Cisco Meeting Server - CVE-2018-0263

Detailed vulnerability description

How to mitigate CVE-2018-0263

Sources

Please verify you're human