CVE-2015-4262

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace Web Conferencing
Vendor: CVE Published:; 24 July 2015

Summary

The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033024

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 24, 2015
Vulnerability Reserved
Jun 4, 2015