Cisco WebEx Meetings Server Cross-Site Request Forgery (CVE-2016-1448)
Cisco WebEx Meetings Server Cross-Site Request Forgery (CVE-2016-1448)
Release date:
Updated on:
Affected Systems:
Cisco WebEx Meeting Center 2.7
Description:
CVE (CAN) ID: CVE-2016-1448
Cisco WebEx Meetings is a network conferencing solution.
Cisco WebEx Meetings Server 2.7 has the Cross-Site Request Forgery Vulnerability in the implementation of CSRF protection. Remote attackers can exploit this vulnerability to hijack the authentication of arbitrary users.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms2
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160714-wms2) and patches for this:
Cisco-sa-20160714-wms2: Cisco WebEx Meetings Server Administrator Interface Cross-Site Request Forgery Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms2
This article permanently updates the link address: