cisco-sa-20191120-webex-centers-infodis: Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
First published: Wed Nov 20 2019(Updated: )
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis
Credit: Yakov Shafranovich TPankaj Upadhyay T
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Events Center | ||
| Cisco WebEx Meeting Center | ||
| Cisco Webex Support Center | ||
| Cisco WebEx Training Center |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/author
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex events center
- canonical/cisco webex meeting center
- canonical/cisco webex support center
- canonical/cisco webex training center