← Voltar para CVEs

CVE-2018-0263

HIGH

7.4

Descricao

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.

Detalhes CVE

Pontuacao CVSS v3.17.4

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado6/7/2018

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

cisco:meeting_server

Fraquezas (CWE)

CWE-16CWE-1188

Referencias

http://www.securityfocus.com/bid/104419(psirt@cisco.com)

http://www.securitytracker.com/id/1041065(psirt@cisco.com)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id(psirt@cisco.com)

http://www.securityfocus.com/bid/104419(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1041065(af854a3a-2127-422b-91ae-364da2661108)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.