In association with heise online

28 January 2010, 11:54

Cisco fixes vulnerabilities in Unified MeetingPlace

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco Logo Cisco's Unified MeetingPlace voice, video and web conferencing solution contains several holes that allow attackers to compromise vulnerable systems. In a current advisory, the vendor describes an SQL injection hole which can be exploited to manipulate or spy out database contents.

Furthermore, specially crafted URLs can apparently be used for setting up new user accounts without requiring the attacker to sign in beforehand. Other flaws in the authentication protocol allow attackers to manipulate transmitted packets to spy out user names and passwords or even obtain admin privileges.

Versions 5, 6 and 7 of Cisco Unified MeetingPlace are affected, although not all of the vulnerabilities are present in every version. The vendor has released updates to fix the problems – but only for registered customers.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-916187
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit