Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
BID:68903
Info
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 68903 |
| Class: | Design Error |
| CVE: |
CVE-2014-3305 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 25 2014 12:00AM |
| Updated: | Aug 01 2014 12:28AM |
| Credit: | Cisco |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
Cisco WebEx Meetings Server is prone to a cross-site request-forgery vulnerability due to insufficient CSRF protections.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuj81735.
Cisco WebEx Meetings Server is prone to a cross-site request-forgery vulnerability due to insufficient CSRF protections.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuj81735.
Exploit / POC
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability
References:
References:
- Cisco Homepage (Cisco )