First published: Fri Oct 05 2018
A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Meeting Server | =2.0.0 | |
Cisco Meeting Server | =2.1.0 | |
Cisco Meeting Server | =2.2.0 | |
Cisco Meeting Server | =2.2.5 | |
Cisco Meeting Server | =2.3.0 | |
CVE-2018-0439 is a vulnerability in the web-based management interface of Cisco Meeting Server that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
The severity of CVE-2018-0439 is high with a CVSS score of 8.8.
Versions 2.0.0, 2.1.0, 2.2.0, 2.2.5, and 2.3.0 of Cisco Meeting Server are affected by CVE-2018-0439.
An attacker can exploit CVE-2018-0439 by performing a cross-site request forgery (CSRF) attack on the web-based management interface of Cisco Meeting Server.
Yes, Cisco has released a security advisory with mitigations and software updates to address CVE-2018-0439. Please refer to the advisory for more information.