Remote Access Vulnerability in Cisco WebEx Meetings Server
CVE-2018-0110

8.1HIGH

Key Information:

Vendor

Cisco
Status
Cisco Webex Meetings Server
Vendor
CVE Published:
18 January 2018

What is CVE-2018-0110?

A design flaw within Cisco WebEx Meetings Server permits an authenticated remote attacker to bypass account deactivation, enabling access to the remote support account even when it has been disabled through the web application interface. This flaw allows unauthorized modification of server configurations and potential exposure of sensitive customer data. The vulnerability stems from improper account management processes, failing to revoke access for specific user accounts despite being disabled at the application level.

Affected Version(s)

Cisco WebEx Meetings Server Cisco WebEx Meetings Server

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040236
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102773
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.