Описание
Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:unified_meetingplace_web_conferencing_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace_web_conferencing_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_meetingplace_web_conferencing_server:8.5:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00446
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.
EPSS
Процентиль: 63%
0.00446
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-264