BID:105856

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

CVE-2018-15446 |

Info

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

Bugtraq ID:	105856
Class:	Input Validation Error
CVE:	CVE-2018-15446
Remote:	Yes
Local:	No
Published:	Nov 07 2018 12:00AM
Updated:	Nov 07 2018 12:00AM
Credit:	Andrea Marini and Francesco Russo from NTT DATA Italia, and Yamila Levalle from Innovation and Lab at ElevenPaths
Vulnerable:	Cisco Meeting Server 2.4 Cisco Meeting Server 2.3 Cisco Meeting Server 2.2

Not Vulnerable:

Discussion

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

Cisco Meeting Server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue is being tracked by Cisco bug ID CSCvk16348.

Exploit / POC

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability

References:

Cisco Homepage (Cisco )
Cisco Meeting Server Information Disclosure Vulnerability (Cisco)