Release date:
Updated on: 2013-07-26
Affected Systems:
Cisco uniied MeetingPlace 8.x
Cisco uniied MeetingPlace 6.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-3438
The Cisco Unified MeetingPlace conferencing solution allows organizations to host integrated voice, video, and web meetings.
Cisco uniied MeetingPlace 8.5 SR2 (4) has an error in the Web conference authorization mechanism. This mechanism does not properly verify certain parameters and can be exploited by attackers to modify client requests or specially construct malicious HTTP requests, and submit it to the affected system to obtain the access permission of the restricted function and obtain sensitive information.
<* Source: vendor
Link: http://secunia.com/advisories/54281/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.cisco.com/go/psirt