int(4497)

Vulnerability Bulletins

Vulnerabilidad de salto de autenticación en Cisco Unified MeetingPlace Server

Vulnerability classification
Property Value
Confidence level Oficial
Impact Aumento de privilegios
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer Networking
Affected software Cisco Unified MeetingPlace Web Conferencing 6.0 y 7.0

Description
Se ha descubierto una vulnerabilida enCisco Unified MeetingPlace 6 y 7.

Un atacante remoto podría saltar el sistema de autenticación y obtener acceso administrativo mediante una URL especialmente diseñada.

Solution


Actualización de software

Cisco
Cisco Unified Communications Manager 6.0.517
Cisco Unified Communications Manager 7.0.2
http://tools.cisco.com/support/downloads/

Standar resources
Property Value
CVE CVE-2009-0614
BID 33901

Other resources
Cisco Security Advisory (cisco-sa-20090225-mtgplace)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml

Version history
Version Comments Date
1.0 Aviso emitido 2009-02-27
Ministerio de Defensa
CNI
CCN
CCN-CERT