
Secunia Security Advisory 38259

Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Unified MeetingPlace, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct SQL injection attacks, create user and administrator accounts, or gain knowledge of sensitive information.

tags | advisory, vulnerability, sql injection
systems | cisco
SHA-256 | a43843802b44a5de0344d218398083dbc1b0a599903ee3d79cccb4a3fdfe8479

----------------------------------------------------------------------




TITLE:
Cisco Unified MeetingPlace Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38259

VERIFY ADVISORY:
http://secunia.com/advisories/38259/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified
MeetingPlace, which can be exploited by malicious users to gain
escalated privileges and by malicious people to conduct SQL injection
attacks, create user and administrator accounts, or gain knowledge of
sensitive information.

1) Unspecified input is not properly sanitised before being used in a
SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 6.0.639.2 and
7.0(2.3) hotfix 5F.

2) An unspecified error when processing requests sent to the internal
interface of the web server can be exploited to bypass restrictions
and create MeetingPlace or administrator accounts.

The vulnerability is reported in versions prior to 6.0.639.3 and
7.0(2.3) hotfix 5F.

3) An error in the MeetingTime authentication mechanism can be
exploited to gain knowledge of usernames and passwords.

The vulnerability is reported in versions prior to MeetingPlace 6
MR5.

4) An unspecified error in the MeetingTime authentication mechanism
can be exploited by normal users to escalate their privileges to
those of administrator accounts.

The vulnerability is reported in versions prior to MeetingPlace 6
MR5.

SOLUTION:
Update to the latest version.
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278785523

PROVIDED AND/OR DISCOVERED BY:
The vendor credits National Australia Bank's Security Assurance team
and Credit Suisse.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml

